48 matches found

Tenable Nessus
added 2023/07/04 12:0 a.m. (26 views)

EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2023-2267)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover...

CVSS 7.4, AI score 7.1, EPSS 0.01403
Exploits: 1, References: 2

Vulnrichment
added 2023/04/04 9:12 p.m. (11 views)

CVE-2023-28841 moby/moby's dockerd daemon encrypted overlay network traffic may be unencrypted

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is...

CVSS 6.8, AI score 7.3, EPSS 0.00696
Exploits: 1, References: 11

Tenable Nessus
added 2023/03/14 12:0 a.m. (30 views)

RHEL 9 : gnutls (RHSA-2023:1200)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1200 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS...

CVSS 7.4, AI score 7.2, EPSS 0.01403
Exploits: 1, References: 7

UbuntuCve
added 2023/02/15 6:15 p.m. (60 views)

CVE-2023-0361

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to...

CVSS 7.4, AI score 6.9, EPSS 0.01403
Exploits: 1, References: 3

CVE
added 2022/12/08 12:0 a.m. (91 views)

CVE-2022-39901

CVE-2022-39901 affects Samsung Exynos baseband (Lassen baseband) prior to SMR DEC-2022 Release 1. The issue is improper authentication that allows a remote attacker to disable network traffic encryption between UE and gNodeB. Impact is described as high confidentiality risk with no integrity/avai...

CVSS 6.5, AI score 6.6, EPSS 0.00241
Exploits: 0, References: 1, Affected Software: 1

Imperva Blog
added 2022/08/18 4:26 p.m. (19 views)

The Five Principles of a Zero Trust Cybersecurity Model

When even the US Government concludes that to ensure baseline security practices are in place and to realize the security benefits of cloud-based infrastructure while mitigating associated risks, they must migrate to a zero trust model, every organization should be actively moving in that...

AI score 7.2
Exploits: 0

Tenable Nessus
added 2022/05/10 12:0 a.m. (378 views)

Apache Tomcat 8.5.38 < 8.5.79

The version of Tomcat installed on the remote host is prior to 8.5.79. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.79security-8 advisory. - The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 t...

CVSS 7.5, AI score 8, EPSS 0.71653
Exploits: 5, References: 3

Packet Storm
added 2021/12/13 12:0 a.m. (269 views)

Oracle Database Protection Mechanism Bypass

Advisory ID: SYSS-2021-061 Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 19c Tested Versions: 18c Vulnerability Type: Protection Mechanism Failure CWE-693 Risk Level: High Solution Status: Fixed Manufacturer Notification: 2021-03-17 Solution Date: 2021-08-07 Public...

CVSS 8.3, AI score 0.2, EPSS 0.025
Exploits: 5

NVD
added 2021/07/21 3:15 p.m. (19 views)

CVE-2021-2351

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option...

CVSS 8.3, EPSS 0.025
Exploits: 5, References: 10

OSV
added 2021/07/21 3:15 p.m. (30 views)

CVE-2021-2351

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option...

CVSS 8.3, AI score 6.8, EPSS 0.025
Exploits: 5, References: 10

Prion
added 2021/07/21 3:15 p.m. (27 views)

Design/Logic Flaw

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option...

CVSS 5.1, AI score 8.5, EPSS 0.025
Exploits: 5, References: 10, Affected Software: 111

CVE
added 2021/07/20 10:43 p.m. (238 views)

CVE-2021-2351

CVE-2021-2351 affects Oracle Database Server’s Advanced Networking Option, with affected versions 12.1.0.2, 12.2.0.1, and 19c. The vulnerability allows unauthenticated network access via Oracle Net to compromise the Advanced Networking Option, with access requiring user interaction (UI_R) and ris...

CVSS 8.3, AI score 8.5, EPSS 0.025
Exploits: 5, References: 10, Affected Software: 111

Cvelist
added 2021/07/20 10:43 p.m. (28 views)

CVE-2021-2351

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option...

CVSS 8.3, AI score 8.7, EPSS 0.025
Exploits: 5, References: 10

The Hacker News
added 2021/03/22 2:52 p.m. (54 views)

Popular Netop Remote Learning Software Found Vulnerable to Hacking

Cybersecurity researchers on Sunday disclosed multiple critical vulnerabilities in remote student monitoring software Netop Vision Pro that a malicious attacker could abuse to execute arbitrary code and take over Windows computers. "These findings allow for elevation of privileges and ultimately...

CVSS 9.8, AI score 1.9, EPSS 0.0148
Exploits: 0

Kitploit
added 2021/02/23 11:30 a.m. (64 views)

RAT-el - An Open Source Penetration Test Tool That Allows You To Take Control Of A Windows Machine

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus...

AI score 8
Exploits: 0, References: 1

Apple
added 2020/11/12 10:19 a.m. (61 views)

About the security content of Xcode 12.0 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

CVSS 9.3, AI score 8.1, EPSS 0.02986
Exploits: 1, Affected Software: 2

NVD
added 2020/10/16 5:15 p.m. (18 views)

CVE-2020-9992

This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device...

CVSS 9.3, EPSS 0.02986
Exploits: 1, References: 3

OSV
added 2020/10/16 5:15 p.m. (3 views)

CVE-2020-9992

This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device...

CVSS 7.8, AI score 7.5, EPSS 0.02986
Exploits: 1, References: 3

Cvelist
added 2020/10/16 4:56 p.m. (37 views)

CVE-2020-9992

This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device...

AI score 7.5, EPSS 0.02986
Exploits: 1, References: 3

Apple
added 2020/09/16 12:0 a.m. (34 views)

About the security content of Xcode 12.0

About the security content of Xcode 12.0 This document describes the security content of Xcode 12.0. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

CVSS 9.3, AI score 8, EPSS 0.02986
Exploits: 1, References: 1, Affected Software: 1