Lucene search
K

442 matches found

ATTACKERKB
ATTACKERKB
added 2023/09/22 5:15 a.m.3 views

CVE-2023-43767

Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 1...

7.5CVSS5.9AI score0.00531EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/09/22 12:0 a.m.5 views

WithSecure products Security breaches

WithSecure products is a line of security software from the Finnish company WithSecure. A security vulnerability in WithSecure products exists because the antivirus engine may crash when scanning for fuzzy PE32 files, which could be exploited by an attacker to cause a denial of service DoS of the...

7.5CVSS6.5AI score0.00531EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/22 12:0 a.m.4 views

WithSecure products Security breaches

WithSecure products is a line of security software from the Finnish company WithSecure. A security vulnerability in WithSecure products exists because the antivirus engine may crash when scanning for fuzzy PE32 files, which could be exploited by an attacker to cause a denial of service DoS of the...

7.5CVSS6.5AI score0.00531EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/22 12:0 a.m.5 views

WithSecure products Security breaches

WithSecure products is a line of security software from the Finnish company WithSecure. A security vulnerability exists in WithSecure products, which originates from the aepack archive unpack handler program that allows a local user to perform a denial of service on a system and bypass security...

7.5CVSS6.3AI score0.00531EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/21 12:0 a.m.3 views

PT-2023-28974 · Withsecure · Withsecure Elements Endpoint Protection +5

Name of the Vulnerable Software and Affected Versions: WithSecure Client Security version 15 WithSecure Server Security version 15 WithSecure Email and Server Security version 15 WithSecure Elements Endpoint Protection versions 17 and later WithSecure Client Security for Mac version 15 WithSecure...

7.5CVSS7.2AI score0.00531EPSS
Exploits0References8
OSV
OSV
added 2023/08/29 7:15 p.m.3 views

CVE-2023-3251

A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0...

4.9CVSS5.8AI score
Exploits0References1
The Hacker News
The Hacker News
added 2023/08/18 11:48 a.m.39 views

New Wave of Attack Campaign Targeting Zimbra Email Users for Credential Theft

A new "mass-spreading" social engineering campaign is targeting users of the Zimbra Collaboration email server with an aim to collect their login credentials for use in follow-on operations. The activity, active since April 2023 and still ongoing, targets a wide range of small and medium business...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/07 1:56 p.m.40 views

North Korean Hackers Targets Russian Missile Engineering Firm

Two different North Korean nation-state actors have been linked to a cyber intrusion against NPO Mashinostroyeniya, a major Russian missile engineering company. Cybersecurity firm SentinelOne said it identified "two instances of North Korea related compromise of sensitive internal IT...

6.7AI score
Exploits0
Cvelist
Cvelist
added 2023/08/04 3:57 p.m.56 views

CVE-2023-38686 Sydent does not verify email server certificates

Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle MITM attack. Attackers with...

9.3CVSS9.2AI score0.00229EPSS
Exploits0References7
OSV
OSV
added 2023/04/28 8:15 p.m.2 views

CVE-2023-2389

A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewalllogsemail.htm of the component Web Management Interface. The manipulation of the argument smtpServer.emailServer leads to...

4.8CVSS3.9AI score0.00663EPSS
Exploits1References3
OSV
OSV
added 2023/04/28 6:15 p.m.4 views

CVE-2023-2383

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewalllogsemail.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cro...

4.8CVSS3.7AI score0.00663EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/04/13 12:0 a.m.8 views

PT-2023-2603 · NetGear · Netgear Srx5308

Name of the Vulnerable Software and Affected Versions: Netgear SRX5308 versions up to 4.3.5-3 Description: The issue exists due to insufficient input validation in the web management interface of the Netgear SRX5308 router's embedded software. This allows a remote attacker to conduct a cross-site...

4.8CVSS4AI score0.00663EPSS
Exploits1References8
Packet Storm
Packet Storm
added 2023/04/06 12:0 a.m.210 views

BulletProof FTP Server 2019.0.0.51 Denial Of Service

Exploit Title: BulletProof FTP Server 2019.0.0.51 - Denial of Service Discovery by: Yehia Elghaly - Mrvar0x Discovery Date: 2023-03-31 Vendor Homepage: https://barcodemagic.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.51 Tested on:...

6.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/03/28 12:0 a.m.9 views

The vulnerability of the STARTTLS function in email servers, related to insufficient elimination of special elements in the request, allows attackers to compromise data integrity.

The vulnerability of the STARTTLS function of the Exim mail server is related to insufficient elimination of special elements in the request. Exploiting this vulnerability could allow a malicious actor to compromise data integrity remotely...

7.8CVSS7.2AI score0.01996EPSS
Exploits0References11Affected Software4
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.12 views

Debian: Security Advisory (DLA-0004-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS5.8AI score0.03331EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/02/15 6:10 p.m.23 views

Denial of service vulnerability on Password reset page

Impact Previous versions of Kiwi TCMS do not impose rate limits which makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users in Kiwi TCMS. Additionally that may...

7.5CVSS5.6AI score0.00908EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2023/02/15 3:15 p.m.20 views

Code injection

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users...

2.6CVSS5.5AI score0.00908EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2023/02/15 12:0 a.m.6 views

Kiwi TCMS 安全漏洞

Kiwi TCMS is a leading open source test management system for manual and automated testing from Kiwi TCMS Open Source. A security vulnerability exists in Kiwi TCMS versions prior to 12.0, which stems from the fact that the system is not rate-limited, which makes brute-force attacks on the login...

9.8CVSS8.3AI score0.00902EPSS
Exploits0References5
CVE
CVE
added 2023/02/15 12:0 a.m.59 views

CVE-2023-25171

Kiwi TCMS before version 12.0 does not implement rate limiting, enabling potential denial-of-service on the Password reset page by flooding with emails and straining SMTP resources. The issue is mitigated by upgrading to v12.0 or later. Workarounds include deploying a rate-limiting proxy in front...

7.5CVSS6.1AI score0.00908EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/02/15 12:0 a.m.39 views

CVE-2023-25171 Kiwi TCMS has denial of service vulnerability on Password reset page

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users...

7.5CVSS7.5AI score0.00908EPSS
Exploits0References4
Rows per page
Query Builder