
5771 matches found

OSV
added 2017/06/06 4:29 p.m., 1 views

CVE-2017-5243

The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the...

CVSS 8.5 | AI score 5.8 | EPSS 0.0018
Exploits: 0 | References: 1

CVE
added 2017/06/06 4:0 p.m., 52 views

CVE-2017-5243

The CVE-2017-5243 issue affects Rapid7 Nexpose physical hardware appliances shipped before June 2017, where the default SSH configuration did not specify desired KEX, cipher, or MAC algorithms. This caused the SSH implementation to fall back to all algorithms supported by the OpenSSH version in u...

CVSS 8.5 | AI score 8.3 | EPSS 0.0018
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2017/06/06 4:0 p.m., 16 views

CVE-2017-5243

The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the...

AI score 8.4 | EPSS 0.0018
Exploits: 0 | References: 1

CNVD
added 2017/06/06 12:0 a.m., 2 views

Rapid7 Nexpose Hardware Device Man-in-the-Middle Attack Vulnerability

Rapid7 Nexpose hardware appliances are hardware devices with Nexpose from Rapid7, Inc. Nexpose is a set of vulnerability management software that can synthesize the results of different scans to probe the network in depth. A man-in-the-middle vulnerability exists in the default SSH configuration ...

CVSS 8.5 | AI score 6.8 | EPSS 0.0018
Exploits: 0 | References: 1

Krebs on Security
added 2017/06/01 12:55 p.m., 30 views

OneLogin: Breach Exposed Ability to Decrypt Data

OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data. Headquartered in San Francisco, OneLogin provides single sign-on and...

AI score 6.8
Exploits: 0

The Coalfire Blog
added 2017/05/25 5:12 p.m., 18 views

Ransomware: the anatomy of paying a ransom to decrypt hostage files

Ransomware is on the rise, and clients seeking to understand the process can learn from this client's story about being a victim of ransomware as to what can be expected and how to handle a ransomware attack. Recently a company facing a malware infection approached us to help them deal with the...

AI score 1.8
Exploits: 0

ThreatPost
added 2017/05/19 1:4 p.m., 17 views

Available Tools Making Dent in WannaCry Encryption

Tools are beginning to emerge that can be used to start the process of recovering files encrypted by WannaCry on some Windows systems. This takes on extra urgency because today marks one week from the initial outbreak, and files encrypted during that first wave are on the clock and close to being...

Exploits: 0 | References: 7

The Hacker News
added 2017/05/18 9:8 p.m., 14 views

WannaCry Ransomware Decryption Tool Released; Unlock Files Without Paying Ransom

If your PC has been infected by WannaCry – the ransomware that wreaked havoc across the world last Friday – you might be lucky to get your locked files back without paying the ransom of $300 to the cyber criminals. Adrien Guinet, a French security researcher from Quarkslab, has discovered a way t...

AI score 6.8
Exploits: 0

CNVD
added 2017/05/18 12:0 a.m., 3 views

Google Chrome Security Bypass Vulnerability (CNVD-2017-07170)

Google Chrome is a web browser developed by the American company Google. A security bypass vulnerability exists in Google Chrome, which originates when the program caches a TLS session before validating a certificate. An attacker can exploit the vulnerability to decrypt TLS sessions...

CVSS 6.5 | AI score 6.5 | EPSS 0.00063
Exploits: 0 | References: 1

rapid7community
added 2017/05/17 9:31 p.m., 46 views

CVE-2017-5242: Nexpose/InsightVM Virtual Appliance Duplicate SSH Host Key

Today, Rapid7 is notifying Nexpose and InsightVM users of a vulnerability that affects certain virtual appliances. While this issue is relatively low severity, we want to make sure that our customers have all the information they need to make informed security decisions regarding their networks. ...

AI score 7.4 | EPSS 0.0023
Exploits: 0

The Hacker News
added 2017/05/10 10:16 p.m., 11 views

Dutch Police Seize Another Company that Sells PGP-Encrypted Blackberry Phones

The Dutch police arrested four suspects on Tuesday on suspicion of money laundering and involvement in selling custom encrypted BlackBerry and Android smartphones to criminals. The Dutch National High Tech Crime Unit (NHTCU), a dedicated team within the Dutch National Police Agency, aims to investigat...

AI score 6.6
Exploits: 0

Prion
added 2017/05/10 2:29 p.m., 19 views

Design/Logic Flaw

Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data...

CVSS 2.1 | AI score 5 | EPSS 0.00047
Exploits: 0 | References: 3

Cvelist
added 2017/05/10 2:0 p.m., 16 views

CVE-2017-4896

Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data...

AI score 4 | EPSS 0.00047
Exploits: 0 | References: 3

CVE
added 2017/05/10 2:0 p.m., 54 views

CVE-2017-4896

CVE-2017-4896 affects VMware Airwatch Inbox for Android, where a rooted device may decrypt local app data, enabling potential confidential data disclosure. The vulnerability stems from weaknesses in local data protection within the Airwatch Inbox component. Affected software is Airwatch Inbox for...

CVSS 3.8 | AI score 5 | EPSS 0.00047
Exploits: 0 | References: 3 | Affected Software: 2

NVD
added 2017/05/03 8:59 p.m., 9 views

CVE-2017-7229

PGP/MIME encrypted messages injected into a Vaultive O365 before 4.5.21 frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this results in the encrypted...

CVSS 9.1 | AI score 9.2 | EPSS 0.00245
Exploits: 0 | References: 1

Prion
added 2017/04/26 2:59 p.m., 16 views

Hardcoded credentials

A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information...

CVSS 5 | AI score 7.5 | EPSS 0.00868
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2017/04/26 2:59 p.m., 2 views

CVE-2017-6054

A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information...

CVSS 7.5 | AI score 5.8 | EPSS 0.00868
Exploits: 0 | References: 3

Cvelist
added 2017/04/26 2:0 p.m., 13 views

CVE-2017-6054

A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information...

AI score 7.6 | EPSS 0.00868
Exploits: 0 | References: 3

Prion
added 2017/04/14 6:59 p.m., 14 views

Design/Logic Flaw

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack...

CVSS 5 | AI score 6.8 | EPSS 0.03437
Exploits: 0 | References: 8 | Affected Software: 6

NVD
added 2017/04/14 6:59 p.m., 17 views

CVE-2016-6489

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack...

CVSS 7.5 | AI score 7.4 | EPSS 0.03437
Exploits: 0 | References: 8