Lucene search
+L

250 matches found

Tenable Nessus
Tenable Nessus
added 2010/10/11 12:0 a.m.41 views

SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6637)

This update fixes various bugs and some security issues in the SUSE Linux Enterprise 10 SP 3 kernel. The following security issues were fixed: CVE-2009-3238: The getrandomint function in drivers/char/random.c in the Linux kernel produces insufficiently random numbers, which allows attackers to...

7.8CVSS5.6AI score0.01632EPSS
Exploits4References6
NVD
NVD
added 2010/09/17 6:0 p.m.22 views

CVE-2010-3073

SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...

2.1CVSS5.6AI score0.00713EPSS
Exploits0References13
Prion
Prion
added 2010/09/17 6:0 p.m.13 views

Design/Logic Flaw

SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...

2.1CVSS6.1AI score0.00713EPSS
Exploits0References13Affected Software1
UbuntuCve
UbuntuCve
added 2010/09/17 6:0 p.m.22 views

CVE-2010-3073

SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...

2.1CVSS5.9AI score0.00713EPSS
Exploits0References1
Cvelist
Cvelist
added 2010/09/17 5:46 p.m.30 views

CVE-2010-3073

SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...

5.5AI score0.00713EPSS
Exploits0References13
NVD
NVD
added 2010/02/05 10:30 p.m.20 views

CVE-2009-2752

IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...

1.5CVSS5.5AI score0.00248EPSS
Exploits0References4
Prion
Prion
added 2010/02/05 10:30 p.m.16 views

Information disclosure

IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...

1.5CVSS6AI score0.00248EPSS
Exploits0References4Affected Software1
ThreatPost
ThreatPost
added 2009/10/30 2:12 p.m.12 views

Free Microsoft Tool Hardens Programs Against Attack

Microsoft has released a free tool for retroactively hardening applications against known attacks, without recompiling the program with a special compiler flag. The Enhanced Mitigation Evaluation Toolkit EMET allows developers and administrators to activate specific protection mechanisms in...

3AI score
Exploits0References4
seebug.org
seebug.org
added 2009/09/22 12:0 a.m.65 views

Linux Kernel get_random_int函数不充分随机数漏洞

Linux kernel 2.6.x CVE ID: CVE-2009-3238 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的drivers/char/random.c文件中的getrandomint函数所生成的随机数随机性不够,攻击者可以相对容易的预测返回值,绕过基于随机化的保护机制。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

7.8CVSS0.1AI score0.01632EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2009/09/18 10:30 a.m.39 views

CVE-2009-3238

The getrandomint function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to...

7.8CVSS6.1AI score0.01632EPSS
Exploits2References3
Cvelist
Cvelist
added 2009/09/18 10:0 a.m.27 views

CVE-2009-3238

The getrandomint function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to...

5.7AI score0.01632EPSS
Exploits2References13
Prion
Prion
added 2009/05/22 4:48 p.m.26 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via 1 the User.lang parameter to the login page aka gw/webacc, 2 style expressions in a message...

4.3CVSS5.9AI score0.01905EPSS
Exploits1References17Affected Software1
Cvelist
Cvelist
added 2009/05/22 4:25 p.m.43 views

CVE-2009-1635

Multiple cross-site scripting XSS vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via 1 the User.lang parameter to the login page aka gw/webacc, 2 style expressions in a message...

5.6AI score0.01905EPSS
Exploits1References17
NVD
NVD
added 2009/05/21 2:30 p.m.22 views

CVE-2009-1594

Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A encoded newline, as demonstrated by a %0A in a cross-site scripting XSS attack URL...

7.5CVSS5.8AI score0.01447EPSS
Exploits0References5
Prion
Prion
added 2009/05/21 2:30 p.m.19 views

Cross site scripting

Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A encoded newline, as demonstrated by a %0A in a cross-site scripting XSS attack URL...

7.5CVSS6.2AI score0.01447EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2009/05/21 2:0 p.m.29 views

CVE-2009-1594

Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A encoded newline, as demonstrated by a %0A in a cross-site scripting XSS attack URL...

5.8AI score0.01447EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2009/03/12 2:13 p.m.37 views

Moderate: Red Hat Security Advisory: icu security update

Updated icu packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The International Components for Unicode ICU library provides robust and full-featured Unicode...

4.3CVSS5.7AI score0.03192EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2009/02/27 12:0 a.m.59 views

CentOS Update for kernel CESA-2008:0211 centos3 x86_64

Check for the Version of kernel OpenVAS Vulnerability Test CentOS Update for kernel CESA-2008:0211 centos3 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

7.5CVSS0.7AI score0.02791EPSS
Exploits7References2
NVD
NVD
added 2008/12/17 11:30 p.m.18 views

CVE-2008-5510

The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines...

5CVSS6.5AI score0.02212EPSS
Exploits0References28
Cvelist
Cvelist
added 2008/12/17 11:0 p.m.27 views

CVE-2008-5510

The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines...

9.6AI score0.02212EPSS
Exploits0References28
Rows per page
Query Builder