Lucene search
K

163 matches found

VulnCheck KEV
VulnCheck KEV
added 2020/10/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-1040

A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC Message Integrity Check protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To...

5.9CVSS7AI score0.48043EPSS
Exploits6References1
Prion
Prion
added 2020/08/21 9:15 p.m.17 views

Design/Logic Flaw

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the...

4.4CVSS7AI score0.00729EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/08/21 8:30 p.m.68 views

CVE-2020-9062

Diebold Nixdorf ProCash 2100xe USB ATMs (Wincor Probase 1.1.30) are affected by CVE-2020-9062. The CCDM–host communication lacks encryption, authentication, and integrity verification, enabling a physically proximate attacker to intercept/modify deposit messages (e.g., amount/value) and commit de...

5.3CVSS5.7AI score0.00172EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/08/21 8:30 p.m.80 views

CVE-2020-10124

CVE-2020-10124 affects NCR SelfServ ATMs running APTRA XFS 05.01.00. The vulnerability is due to the BNA–host communications not being encrypted, authenticated, or integrity-checked, enabling a physically proximate attacker to potentially execute arbitrary code and commit deposit forgery. The doc...

7.1CVSS7.1AI score0.00729EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/08/21 8:30 p.m.24 views

CVE-2020-10124

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the...

7.2AI score0.00729EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/02/27 12:0 a.m.4 views

The vulnerability of the wpa_supplicant function of the EAP-PWD protocol in wireless communication devices certified by WPA allows a hacker to gain unauthorized access to information.

The vulnerability of the wpasupplicant function in the EAP-PWD protocol for wireless communication devices certified by WPA is related to the lack of integrity checking for messages. Exploiting this vulnerability can allow a malicious actor to cause service failure remotely...

6.5CVSS6.4AI score0.01404EPSS
Exploits0References7Affected Software3
BDU FSTEC
BDU FSTEC
added 2019/10/29 12:0 a.m.5 views

The vulnerability in the implementation of the NTLM protocol in Windows operating systems arises from insufficient authentication checks for NTLM packets during their processing. This allows attackers to compromise the security functions of the NTLM MIC (Message Integrity Check) mechanism.

The vulnerability in the implementation of the NTLM protocol in Windows operating systems is related to insufficient authentication checks for NTLM packets during their processing. Exploiting this vulnerability allows an attacker to compromise the security functions of the NTLM Message Integrity...

5.9CVSS5.5AI score0.61676EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2019/10/25 11:25 a.m.52 views

Verizon, AT&T, Sprint and T-Mobile to replace SMS with RCS Messaging in 2020

Mobile carriers in the United States will finally offer a universal cross-carrier communication standard for the next-generation RCS messaging service that is meant to replace SMS and has the potential to change the way consumers interact with brands for years to come. All major United States...

6.8AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/10/08 7:0 a.m.40 views

Windows NTLM Tampering Vulnerability

A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC Message Integrity Check protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To exploit...

5.9CVSS2.1AI score0.61676EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/06/26 12:0 a.m.6 views

The vulnerability of the Windows operating system, related to the improper functioning of the NTLM MIC (Message Integrity Check) security mechanism, allows a hacker to compromise the security functions of the NTLM mechanism.

The vulnerability of the Windows operating system is related to the improper functioning of the NTLM MIC Message Integrity Check security mechanism. Exploiting this vulnerability allows a malicious actor to compromise the security functions of the NTLM mechanism from a remote location...

7.1CVSS6AI score0.48043EPSS
Exploits6References4
CNVD
CNVD
added 2019/06/13 12:0 a.m.2 views

Microsoft Windows NTLM Tampering Security Bypass Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A security vulnerability exists in Microsoft Windows. An attacker could exploit this...

5.9CVSS6.7AI score0.48043EPSS
Exploits6References1
OSV
OSV
added 2019/06/12 2:29 p.m.4 views

CVE-2019-1040

A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC Message Integrity Check protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To exploit...

5.3CVSS7.1AI score0.48043EPSS
Exploits6References2
ThreatPost
ThreatPost
added 2019/06/11 4:0 p.m.273 views

Near-Ubiquitous Microsoft RCE Bugs Affect All Versions of Windows

UPDATE Two Microsoft vulnerabilities, CVE-2019-1040 and CVE-2019-1019, would allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication WIA such as Exchange or ADFS. According to researchers at Preemp...

6CVSS0.48043EPSS
Exploits7References7
Positive Technologies
Positive Technologies
added 2019/05/21 12:0 a.m.6 views

PT-2019-2474

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC Message Integrity Check protection. This...

7.1CVSS7.1AI score0.48043EPSS
Exploits6References36
Prion
Prion
added 2019/05/13 4:29 p.m.11 views

Directory traversal

Directory Traversal was discovered in University of Cambridge moducamwebauth before 2.0.2. The key identification field "kid" of the IdP's HTTP response message "WLS-Response" can be manipulated by an attacker. The "kid" field is not signed like the rest of the message, and manipulation is...

5CVSS7AI score0.01987EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/08/19 6:36 p.m.11 views

MGASA-2018-0348 Updated wpa_supplicant packages fix security vulnerability

Updated wpasupplicant packages fix security vulnerability: An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and clie...

6.5CVSS6.5AI score0.01404EPSS
Exploits0References4
CVE
CVE
added 2018/05/23 12:0 p.m.39 views

CVE-2018-7295

The CVE affects ffxivlauncher.exe in Square Enix Final Fantasy XIV for Windows (versions 4.21 and 4.25). Root cause: Improper enforcement of message integrity during transmission in a communication channel, where a session retrieves global.js via http before proceeding to use https. This enables ...

8.1CVSS7.9AI score0.00422EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2017/12/27 5:8 p.m.1 views

DEBIAN-CVE-2017-17848

An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be...

7.5CVSS8AI score0.01843EPSS
Exploits0References1
CNVD
CNVD
added 2015/12/02 12:0 a.m.3 views

RSI Video Technologies Frontel Data Authenticity Validation Vulnerability

RSI Video Technologies Frontel is a suite of receiver software for monitoring Videofied wireless video alarm systems from the French company RSI Video Technologies. A security vulnerability exists in RSI Video Technologies Frontel, which arises from the program's failure to protect the integrity ...

5.9CVSS6.8AI score0.00403EPSS
Exploits1References1
NVD
NVD
added 2006/05/31 10:2 p.m.17 views

CVE-2006-2712

Secure Elements Class 5 AVR aka C5 EVM client and server before 2.8.1 do not verify the integrity of a message digest, which allows remote attackers to modify and replay messages...

5CVSS6.6AI score0.02628EPSS
Exploits0References9
Rows per page
Query Builder