Lucene search
K

155 matches found

Cvelist
Cvelist
added 2023/02/08 7:0 p.m.31 views

CVE-2023-0401 NULL dereference during PKCS7 data verification

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...

7.7AI score0.01846EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/02/08 12:0 a.m.41 views

OpenSSL 3.0 < 3.0.8 Multiple Vulnerabilities - Linux

OpenSSL is prone to multiple vulnerabilities. Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7AI score0.01846EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/02/08 12:0 a.m.48 views

SUSE: Security Advisory (SUSE-SU-2023:0312-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.4AI score0.59501EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2023/02/07 12:0 p.m.7 views

roaring-landmask (=0.4.0) potentially affected by CVE-2023-0401 via openssl-src (=300.0.0+3.0.0)

openssl-src CARGO version =300.0.0+3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - roaring-landmask =0.4.0 Source cves: CVE-2023-0401 Source advisory: OSV:RUSTSEC-2023-0013...

7.5CVSS7.1AI score0.01846EPSS
Exploits0
OpenSSL
OpenSSL
added 2023/02/07 12:0 a.m.53 views

Vulnerability in OpenSSL - NULL dereference during PKCS7 data verification

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...

7.6AI score0.01846EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.34 views

Security Bulletin: IBM Smart Analytics System 5600 is affected by vulnerabilities in the IBM Java SDK

Abstract The IBM Smart Analytics System 5600 contains a management host that is installed with the Mozilla Firefox browser. The browser is configured to use IBM Java SDK for Java Web Start applications. The browser software is configured in this manner to allow the use of the Remote Control...

10CVSS8.4AI score0.98704EPSS
Exploits74Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:6 p.m.50 views

Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE

Abstract This Security Bulletin addresses the security vulnerabilities that have shipped with the IBM Java Runtime Environment JRE included in IBM Operational Decision Manager and IBM ILOG JRules. IBM ODM and ILOG JRules now include the most recent version of the IBM JRE which fixes the security...

10CVSS8AI score0.98704EPSS
Exploits55Affected Software2
The Hacker News
The Hacker News
added 2022/06/24 8:2 a.m.32 views

State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks

A China-based advanced persistent threat APT group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves t...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/06/14 12:43 p.m.209 views

“Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft

Microsoft has warned that "multiple adversaries and nation-state actors" are making use of the recent Atlassian Confluence RCE vulnerability. A fix is now available for CVE-2022-26134. It is essential users of Confluence address the patching issue immediately. Confluence vulnerability: Background...

7.5CVSS10AI score0.99999EPSS
Exploits76
Openbugbounty
Openbugbounty
added 2022/04/10 5:26 p.m.10 views

sakura-0401.com Cross Site Scripting vulnerability OBB-2490920

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
OSV
OSV
added 2022/02/01 12:28 p.m.22 views

CVE-2022-0401 Path Traversal in yuda-lyu/w-zip

Path Traversal in NPM w-zip prior to 1.0.12...

9.4CVSS9.2AI score0.01623EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/02/01 12:28 p.m.29 views

CVE-2022-0401 Path Traversal in yuda-lyu/w-zip

Path Traversal in NPM w-zip prior to 1.0.12...

9.4CVSS9.6AI score0.01623EPSS
Exploits1References2
CVE
CVE
added 2022/02/01 12:28 p.m.64 views

CVE-2022-0401

CVE-2022-0401 affects the npm package w-zip : a path traversal flaw during archive extraction exists in versions prior to 1.0.12. Root cause: improper handling of extraction paths enables directory traversal. Impact: as described in the entry, path traversal could lead to unauthorized file access...

9.8CVSS9.4AI score0.01623EPSS
Exploits1References2Affected Software1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.23 views

Mageia: Security Advisory (MGASA-2017-0401)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.1AI score0.0437EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.35 views

Mageia: Security Advisory (MGASA-2016-0401)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS7.1AI score0.01765EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.20 views

Mageia: Security Advisory (MGASA-2019-0401)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.02689EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2021/11/22 12:0 a.m.375 views

Backdoor.Win32.Acropolis.10 Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e865fc7225c84165d7aa0c7d8a1bcb77.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Acropolis.10 Vulnerability: Insecure Permissions Description: The malware writes an...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2013:0835-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.8AI score0.2258EPSS
Exploits6References3
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.28 views

SUSE: Security Advisory (SUSE-SU-2013:0835-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.8AI score0.2258EPSS
Exploits6References3
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.27 views

SUSE: Security Advisory (SUSE-SU-2013:0871-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.8AI score0.2258EPSS
Exploits6References3
Rows per page
Query Builder