Lucene search
K

1299 matches found

Positive Technologies
Positive Technologies
added 2017/12/08 12:0 a.m.6 views

PT-2017-14272 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions 6.0.x before 6.0.3-8754-3 Synology DiskStation Manager DSM versions 5.2-5967-6 and earlier Description: A directory traversal issue in the SYNO.FileStation.Extract component allows remote authenticate...

6.5CVSS7.1AI score0.01974EPSS
Exploits0References4
NVD
NVD
added 2017/11/15 4:29 p.m.22 views

CVE-2017-15272

The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a...

5.3CVSS5.3AI score0.00561EPSS
Exploits4References3
Kitploit
Kitploit
added 2017/11/12 9:27 p.m.319 views

fatcat - FAT Filesystems Explore, Extract, Repair, And Forensic Tool

This tool is designed to manipulate FAT filesystems, in order to explore, extract, repair, recover and forensic them. It currently supports FAT12, FAT16 and FAT32. Tutorials & examples Building and installing You can build fatcat this way: mkdir build cd build cmake .. make And then install it:...

8.9AI score
Exploits0References7
CNVD
CNVD
added 2017/10/09 12:0 a.m.10 views

Apple macOS High Sierra Security Security Bypass Vulnerability

Apple macOS High Sierra is a specialized operating system developed by Apple Inc. for Mac computers.Security component is one of the security components. A security bypass vulnerability exists in the Security component of Apple macOS High Sierra versions prior to 10.13. An attacker can exploit th...

5.5CVSS6.2AI score0.00328EPSS
Exploits0References1
Information Security Automation
Information Security Automation
added 2017/10/02 11:27 p.m.2356 views

Downloading and analyzing NVD CVE feed

In previous post "New National Vulnerability Database visualizations and feeds" I mentioned JSON NVD feed. Let's see what data it contains, how to download and analyse it. First of all, we need to download all files with CVEs from NVD database and save them to some directory. Unfortunately, there...

9.3CVSS8.1AI score0.26316EPSS
Exploits0
CNVD
CNVD
added 2017/09/22 12:0 a.m.4 views

Multiple Thales nShield Connect Hardware Privilege Access Control Vulnerabilities

Thales nShield Connect hardware models 500 and others are networked HSM Hardware Security Module devices from Thales e-Security, USA. A security vulnerability exists in several models of Thales nShield Connect hardware. An attacker in close physical proximity could exploit this vulnerability to...

6.8CVSS6.7AI score0.00348EPSS
Exploits0References1
Broadcom
Broadcom
added 2017/08/25 12:0 a.m.6 views

BSA-2017-380

Security Advisory ID : BSA-2017-380 Component : OpenVPN Revision : 1.0: Interim OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension. Affected Products Brocade is...

5.9CVSS7AI score0.03855EPSS
Exploits0
CNVD
CNVD
added 2017/08/03 12:0 a.m.1 views

eapmd5pass 'extract_eapusername' function denial of service vulnerability

eapmd5pass is a penetration testing tool for attacks against the EAP-MD5 protocol. A security vulnerability exists in the 'extracteapusername' function in eapmd5pass version 1.4. A remote attacker can exploit this vulnerability by generating specially crafted network traffic to cause the eapmd5pa...

7.5CVSS6.9AI score0.01258EPSS
Exploits1References1
OSV
OSV
added 2017/07/08 5:29 p.m.5 views

ALPINE-CVE-2017-11108

tcpdump 4.9.0 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via crafted packet data. The crash occurs in the EXTRACT16BITS function, called from the stpprint function for the Spanning Tree Protocol...

7.5CVSS7.1AI score0.04901EPSS
Exploits0References1
OSV
OSV
added 2017/07/08 5:29 p.m.3 views

DEBIAN-CVE-2017-11108

tcpdump 4.9.0 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via crafted packet data. The crash occurs in the EXTRACT16BITS function, called from the stpprint function for the Spanning Tree Protocol...

7.5CVSS7.7AI score0.04901EPSS
Exploits0References1
OSV
OSV
added 2017/07/07 6:29 p.m.3 views

CVE-2017-11100

When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swfFoldSprite function in lib/rxfswf.c...

8.8CVSS5.8AI score0.01421EPSS
Exploits1References1
OSV
OSV
added 2017/06/27 1:29 p.m.1 views

DEBIAN-CVE-2017-7521

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension...

5.9CVSS7.1AI score0.03855EPSS
Exploits0References1
OSV
OSV
added 2017/06/21 12:0 a.m.4 views

UBUNTU-CVE-2017-7521

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension...

5.9CVSS7AI score0.03855EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/09 4:49 a.m.3 views

Installer of CASL II simulator(self-extract format) may insecurely load Dynamic Link Libraries

Overview Installer of CASL II simulatorself-extract format provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Yuji Tounai of NTT Communications Corporation reported this...

7.8CVSS7.1AI score0.00911EPSS
Exploits0References6
OSV
OSV
added 2017/05/29 4:29 a.m.36 views

UBUNTU-CVE-2016-10377

In Open vSwitch OvS 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in lib/flow.c in the function miniflowextract, permitting remote bypass of the access control list enforced by the switch...

8.8CVSS7.5AI score0.00943EPSS
Exploits0References3
OSV
OSV
added 2017/05/29 4:29 a.m.4 views

DEBIAN-CVE-2016-10377

In Open vSwitch OvS 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in lib/flow.c in the function miniflowextract, permitting remote bypass of the access control list enforced by the switch...

8.8CVSS7.1AI score0.00943EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2017/05/24 12:48 p.m.26 views

CVE-2017-8932

A carry propagation flaw was found in the implementation of the P-256 elliptic curve in golang. An attacker could possibly use this flaw to extract private keys when static ECDH was used...

5.9CVSS2.3AI score0.02225EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2017/04/24 6:59 p.m.5 views

CVE-2016-4313

Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. dot dot in an archive file...

7.8CVSS6AI score0.08679EPSS
Exploits5References6
OSV
OSV
added 2017/04/24 6:59 p.m.3 views

CVE-2016-4313

Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. dot dot in an archive file...

7.8CVSS6AI score0.08679EPSS
Exploits5References5
CVE
CVE
added 2017/04/24 6:0 p.m.58 views

CVE-2016-4313

CVE-2016-4313 affects eXtplorer 2.1.9 (and earlier) in the unzip/extract feature, enabling directory traversal and arbitrary file writes via crafted archives containing "../". Affected component is the unzip/extract functionality; root cause is path traversal in archive extraction. Reported impac...

7.8CVSS7.7AI score0.08679EPSS
Exploits5References5Affected Software1
Rows per page
Query Builder