Lucene search
K

1344 matches found

NVD
NVD
added 2017/02/13 3:59 p.m.15 views

CVE-2016-8495

An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle MITM attack via the Fortisandbox devices probing feature...

7.4CVSS7.3AI score0.00899EPSS
Exploits0References3
Prion
Prion
added 2017/02/13 3:59 p.m.14 views

Input validation

An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle MITM attack via the Fortisandbox devices probing feature...

5.8CVSS7.1AI score0.00899EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2017/01/17 3:55 a.m.6 views

Man-in-the-Middle (MitM)

flink-mesos is susceptible to man-in-the-middle attacks. The attack is possible because it does not use canonical hostname verification in SSL validation for client-to-server connections...

6.5AI score
Exploits0
Hacker One
Hacker One
added 2017/01/16 5:58 a.m.101 views

Nextcloud: HTTP-Basic Authentication on logs.nextcloud.com

Greetings, While visiting https://logs.nextcloud.com/ , I noticed that this server use HTTP-Basic Authentication. F152730 POC : ------ GET https://logs.nextcloud.com/ HTTP/1.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.11; rv:50.0 Gecko/20100101 Firefox/50.0 Accept:...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2017/01/14 12:6 a.m.11 views

Explained — What's Up With the WhatsApp 'Backdoor' Story?

What is a backdoor? By definition: "Backdoor is a feature or defect of a computer system that allows surreptitious unauthorized access to data, " either the backdoor is in encryption algorithm, a server or in an implementation, and doesn't matter whether it has previously been used or not...

6.7AI score
Exploits0
NVD
NVD
added 2017/01/13 9:59 a.m.15 views

CVE-2016-10138

An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and cannot be disabled by the user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute t...

7.8CVSS7.7AI score0.00378EPSS
Exploits0References3
Prion
Prion
added 2017/01/13 9:59 a.m.39 views

Design/Logic Flaw

An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and cannot be disabled by the user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute t...

7.2CVSS7.7AI score0.00378EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/01/13 9:0 a.m.24 views

CVE-2016-10138

An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and cannot be disabled by the user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute t...

7.7AI score0.00378EPSS
Exploits0References3
OSV
OSV
added 2017/01/09 5:59 p.m.2 views

CVE-2016-10125

D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session...

8.1CVSS5.8AI score0.01169EPSS
Exploits1References2
Microsoft KB
Microsoft KB
added 2017/01/07 12:0 a.m.24 views

MS15-031: Vulnerability in SChannel could allow security feature bypass: March 10, 2015

MS15-031: Vulnerability in SChannel could allow security feature bypass: March 10, 2015 Summary This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows...

6.4AI score
Exploits0
Microsoft KB
Microsoft KB
added 2017/01/07 12:0 a.m.24 views

MS15-089: Vulnerability in WebDAV could allow security feature bypass: August 11, 2015

MS15-089: Vulnerability in WebDAV could allow security feature bypass: August 11, 2015 Summary This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker forces an encrypted Secure Socket Layer SSL 2.0 session and uses a...

5.8AI score
Exploits0
Veracode
Veracode
added 2017/01/04 6:37 a.m.13 views

Man In The Middle (MitM)

arcanist is vulnerable to man-in-the-middle MitM attacks via downloading resources over HTTP. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the...

9.3CVSS8.2AI score0.01682EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2017/01/03 6:28 a.m.15 views

Man-in-the-Middle (MitM)

react-native-baidu-voice-synthesizer is vulnerable to man-in-the-middle attacks. The library downloads binaries via HTTP, potentially causing a remote code execution RCE vulnerability by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...

9.3CVSS8.2AI score0.01752EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2016/12/20 6:28 a.m.18 views

Man In The Middle (MitM)

nw is vulnerable to man-in-the-middle MitM attacks. This is because the library downloads zipped resources via HTTP, allowing MitM attacks. It may also cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or...

9.3CVSS8.3AI score0.01756EPSS
Exploits0References2Affected Software1
0day.today
0day.today
added 2016/12/14 12:0 a.m.50 views

Apple macOS 10.12.1/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS Vulnerabilities

Exploit for macOS platform in category dos / poc Apple macOS 10.12.1/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS Credit: Maksymilian Arciemowicz https://cxsecurity.com/ --- 0. Description ---- The latest macOS and iOS have weak OCSP validation process which allow attacker to send OCSP...

4.3CVSS7.8AI score0.01453EPSS
Exploits1
OSV
OSV
added 2016/12/13 6:35 p.m.2 views

USN-3156-1 apt vulnerability

Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages...

5.9CVSS6.1AI score0.07308EPSS
Exploits2References2
OSV
OSV
added 2016/11/19 12:7 a.m.6 views

USN-3124-1 firefox vulnerabilities

Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a special...

9.8CVSS7.3AI score0.12416EPSS
Exploits4References19
OpenVAS
OpenVAS
added 2016/11/19 12:0 a.m.47 views

Ubuntu: Security Advisory (USN-3124-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.1AI score0.12416EPSS
Exploits4References2
Packet Storm
Packet Storm
added 2016/11/08 12:0 a.m.70 views

Android Proxy Auto Config (PAC) Crash

Original at: https://wwws.nightwatchcybersecurity.com/2016/11/07/crashing-android-devices-with-large-pac-files-cve-2016-6723/ Summary Android devices can be crashed forcing a halt and then a soft reboot by downloading a large proxy auto config PAC file when adjusting the Android networking...

5.4CVSS0.3AI score0.00611EPSS
Exploits2
Mageia
Mageia
added 2016/11/04 7:58 a.m.49 views

Update request kernel-linus-4.4.26-1 fixes security issues

This update is based on the upstream 4.4.26 kernel and fixes at least these security issues: An issue with ASN.1 DER decoder was reported that could lead to memory corruptions, possible privilege escalation, or complete local denial of service via x509 certificate DER files CVE-2016-0758...

7.8CVSS3AI score0.83524EPSS
Exploits94References11
Rows per page
Query Builder