Lucene search
K

58 matches found

Tenable Nessus
Tenable Nessus
added 2017/10/19 12:0 a.m.46 views

Xen Hypervisor I/O Intercept Code Hypervisor Stack Guest-to-Host Information Disclosure (XSA-239)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an unspecified flaw in the hvmemuldoio function in arch/x86/hvm/emulate.c that is triggered as an internal structure may contain data from an uninitialized hypervisor stack slot. This may...

8.8CVSS6.7AI score0.01547EPSS
Exploits1References11
Openbugbounty
Openbugbounty
added 2016/10/27 9:13 a.m.16 views

livejournal.com XSS vulnerability

Vulnerable URL: http://www.livejournal.com/update.bml?repost= Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 239 VIP website status:| Yes Check livejournal.com SSL connection:| Grade: B Coordinated Disclosure...

6.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/06/10 12:0 a.m.61 views

HP SiteScope Log Analysis Tool Remote Privilege Escalation (credentialed check)

The HP SiteScope application installed on the remote host is affected by a privilege escalation vulnerability due to a failure to restrict the log path within the Log Analysis Tool. A remote, authenticated attacker can exploit this flaw to read the 'users.config' file, allowing an attacker to...

8.7CVSS5.6AI score0.03484EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/03/19 12:0 a.m.26 views

openSUSE Security Update : vorbis-tools (openSUSE-2015-239)

vorbis-tools was updated to fix division by zero and integer overflow by crafted WAV files CVE-2014-9638, CVE-2014-9639, bnc914439, bnc914441. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

5CVSS5.5AI score0.03579EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2013/11/14 12:0 a.m.42 views

Amazon Linux AMI : mod24_fcgid (ALAS-2013-239)

Heap-based buffer overflow in the fcgidheaderbucketread function in fcgidbucket.c in the modfcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors. C Tenable Network Security, Inc. The descriptive text and package checks in...

7.5CVSS5.8AI score0.13141EPSS
Exploits0References2
Metasploit
Metasploit
added 2013/10/19 5:27 a.m.27 views

HP Intelligent Management BIMS DownloadServlet Directory Traversal

This module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the DownloadServlet from the BIMS component, in order to retrieve arbitrary files with SYSTEM privileges. This module has been tested successfully on HP Intelligent Management...

5CVSS7.2AI score0.37541EPSS
Exploits2
OpenVAS
OpenVAS
added 2009/09/28 12:0 a.m.36 views

Mandrake Security Advisory MDVSA-2009:239 (openssl)

The remote host is missing an update to openssl announced via advisory MDVSA-2009:239. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

5.1CVSS6.7AI score0.18241EPSS
Exploits3References1
Prion
Prion
added 2009/09/21 7:30 p.m.18 views

Design/Logic Flaw

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack...

4.9CVSS6.8AI score0.00408EPSS
Exploits3References4Affected Software2
Prion
Prion
added 2009/09/21 7:30 p.m.26 views

Design/Logic Flaw

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable,...

5.9CVSS6.8AI score0.00404EPSS
Exploits2References8Affected Software2
NVD
NVD
added 2009/09/21 7:30 p.m.21 views

CVE-2009-3279

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUKS partition by using the AES-256 cipher in plain CBC mode, which allows local users to obtain sensitive information via a watermark attack...

4.9CVSS5.8AI score0.00379EPSS
Exploits1References3
Prion
Prion
added 2009/09/21 7:30 p.m.18 views

Information disclosure

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUKS partition by using the AES-256 cipher in plain CBC mode, which allows local users to obtain sensitive information via a watermark attack...

4.9CVSS6.3AI score0.00404EPSS
Exploits3References3Affected Software2
NVD
NVD
added 2009/09/21 7:30 p.m.53 views

CVE-2009-3200

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable,...

5.9CVSS6.2AI score0.00404EPSS
Exploits2References8
NVD
NVD
added 2009/09/21 7:30 p.m.21 views

CVE-2009-3278

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack...

5.5CVSS5.3AI score0.00408EPSS
Exploits1References4
CVE
CVE
added 2009/09/21 7:0 p.m.51 views

CVE-2009-3279

CVE-2009-3279 (and related CVE-2009-3200) affects QNAP TS-239 Pro/TS-639 Pro firmwares 2.1.7 0613, 3.1.0 0627, 3.1.1 0815: it creates a LUKS partition using AES-256 in plain CBC, enabling local users to obtain sensitive information via a watermark attack; an undocumented recovery key stored in fl...

4.9CVSS5.8AI score0.00379EPSS
Exploits1References3Affected Software2
CVE
CVE
added 2009/09/21 7:0 p.m.50 views

CVE-2009-3278

The CVE-2009-3278 entry concerns the QNAP TS-239 Pro and TS-639 Pro (firmware 2.1.7 0613, 3.1.0 0627, 3.1.1 0815). The vulnerability stems from using the rand library function to generate a recovery key, which makes it easier for local users to brute-force and determine this key. The connected do...

5.5CVSS5.3AI score0.00408EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2009/09/21 7:0 p.m.59 views

CVE-2009-3200

The CVE-2009-3200 entry describes a vulnerability in QNAP TS-239 Pro and TS-639 Pro devices running firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815. An undocumented recovery key is created and stored in the ENCK variable in flash memory, allowing local users to bypass the passphrase and decrypt t...

5.9CVSS6.3AI score0.00404EPSS
Exploits2References8Affected Software2
securityvulns
securityvulns
added 2009/09/21 12:0 a.m.172 views

Advisory: Crypto backdoor in Qnap storage devices (CVE-2009-3200)

Title: Crypto backdoor in Qnap storage devices Date: 18 September 2009 URL: http://www.baseline-security.de/downloads/BSC-QnapCryptoBackdoor-CVE-2009-3200.txt Vendor: QNAP Systems Products verified: TS-239 Pro, TS-639 Pro Products unverified: SS-439 Pro, TS-439 Pro, TS-439U-SP/RP, TS-509 Pro,...

5.9CVSS6.1AI score0.00404EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2009/04/23 12:0 a.m.37 views

Mandriva Linux Security Advisory : clamav (MDVSA-2008:239)

Ilja van Sprundel found that ClamAV contained a denial of service vulnerability in how it handled processing JPEG files, due to it not limiting the recursion depth when processing JPEG thumbnails CVE-2008-5314. Other bugs have also been corrected in 0.94.2 which is being provided with this update...

4.3CVSS5.3AI score0.08198EPSS
Exploits1References1
Rows per page
Query Builder