CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2022/07/25 6:23 p.m.•1 views

CVE-2022-35287

7.5CVSS5.8AI score

CNNVD•added 2022/07/25 12:0 a.m.•1 views

IBM Security Verify Information Queue 信任管理问题漏洞

IBM Security Verify Information Queue is an integration product from IBM of America, Inc. IBM Security Verify Information Queue version 10.0.2 is vulnerable to a trust management issue stemming from its use of hard-coded credentials used for inbound authentication, outbound communication to...

7.5CVSS5.6AI score0.00072EPSS

CNVD•added 2022/07/15 12:0 a.m.•21 views

Siemens SIMATIC CP SRCS VPN Feature Code Injection Vulnerability

The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect SIMATIC S7-1200 controllers to a wide area network WAN. They provide integrated security features such as firewalls, virtual private networks VPNs, and support for other protocols with data encryption.The SIMATIC CP 1243-8 I...

9.8CVSS4.1AI score0.00981EPSS

Exploits0References1

CNVD•added 2022/07/15 12:0 a.m.•19 views

Siemens SIMATIC CP SRCS VPN Feature Command Injection Vulnerability

9.8CVSS4AI score0.00582EPSS

Exploits0References1

CNVD•added 2022/07/15 12:0 a.m.•20 views

Siemens SIMATIC CP SRCS VPN Feature Buffer Overflow Vulnerability

10CVSS3.7AI score0.01258EPSS

Exploits0References1

The Hacker News•added 2022/07/13 10:23 a.m.•27 views

5 Questions You Need to Ask About Your Firewall Security

Often, organizations think of firewall security as a one-and-done type of solution. They install firewalls, then assume that they are "good to go" without investigating whether or not these solutions are actually protecting their systems in the best way possible. "Set it and forget it!" Instead o...

6.8AI score

OSV•added 2022/07/12 7:15 p.m.•1 views

CVE-2020-4157

IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174337...

7.5CVSS5.8AI score

Mageia•added 2022/07/12 8:32 a.m.•149 views

Updated openssl packages fix security vulnerability

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

5.3CVSS1.4AI score0.00509EPSS

Exploits0References3

OSV•added 2022/07/11 5:15 p.m.•1 views

CVE-2020-4150

IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174142...

9.8CVSS5.8AI score

Malwarebytes•added 2022/07/11 10:55 a.m.•24 views

A week in security (July 4 – July 10)

Last week on Malwarebytes Labs: My Body, My Data Act would lock down reproductive and sexual health data "Free UK visa" offers on WhatsApp are fakes HackerOne insider fired for trying to claim other people’s bounties Update now! Chrome patches ANOTHER zero-day vulnerability Cloud-based malware is...

0.4AI score

CNNVD•added 2022/07/11 12:0 a.m.•2 views

IBM Security SiteProtector System 信任管理问题漏洞

IBM Security SiteProtector System is a centralized management system from IBM USA. It is used for unified management and analysis of network, server and desktop endpoint security agents and small networks or devices. A trust management issue vulnerability exists in IBM Security SiteProtector Syst...

9.8CVSS7AI score0.00058EPSS

Tenable Nessus•added 2022/07/08 12:0 a.m.•68 views

SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2022:2312-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2312-1 advisory. - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under...

5.3CVSS6.9AI score0.00509EPSS

Debian CVE•added 2022/07/05 10:30 a.m.•88 views

CVE-2022-2097

5.3CVSS6.5AI score0.00509EPSS

Cvelist•added 2022/07/05 10:30 a.m.•26 views

CVE-2022-2097 AES OCB fails to encrypt some bytes

7.6AI score0.00509EPSS

Exploits0References13

OpenSSL•added 2022/07/05 12:0 a.m.•76 views

Vulnerability in OpenSSL - AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn’t written. In the special case of “in place” encryption...

7.5AI score0.00509EPSS

Exploits0Affected Software1

Tenable Nessus•added 2022/07/05 12:0 a.m.•309 views

OpenSSL 1.1.1 < 1.1.1q Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.1.1q. It is, therefore, affected by a vulnerability as referenced in the 1.1.1q advisory. - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under so...

5.3CVSS6.9AI score0.00509EPSS

Microsoft Malware Protection•added 2022/06/21 6:0 a.m.•18 views

Securing your IoT with Edge Secured-core devices

A recent study conducted by Microsoft in partnership with Ponemon Institute included a survey of companies that have adopted IoT solutions and 65 percent of them mentioned that security is a top priority when implementing IoT. Attacks targeting IoT devices put businesses at risk. Impacted devices...

0.6AI score

Microsoft Secure•added 2022/06/21 6:0 a.m.•19 views

Securing your IoT with Edge Secured-core devices

0.6AI score