Lucene search
K

136 matches found

Spring Security Advisories
Spring Security Advisories
added 2022/03/01 12:0 a.m.5 views

Spring Cloud Gateway HTTP2 Insecure TrustManager

Applications using Spring Cloud Gateway that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates...

5.5CVSS7.2AI score0.04846EPSS
Exploits0References1
hivepro
hivepro
added 2022/01/26 5:39 a.m.14 views

MoonBounce: New malware deployed by APT41 in UEFI firmware

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. MoonBounce is a new type of malware that hides in the most complex part of an Operating System OS, the Basic Input Output System BIOS chip, and thus persists even after reinstalling your OS or formatting your hard drive...

0.5AI score
Exploits0
CNVD
CNVD
added 2021/12/08 12:0 a.m.9 views

Veritas Enterprise Vault Code Issue Vulnerability (CNVD-2021-95588)

Veritas Enterprise Vault is an enterprise-grade file protection, archiving automation software from Veritas, USA. A security vulnerability exists in Veritas Enterprise Vault 14.1.2 and prior versions where the Enterprise Vault application starts multiple services that listen for commands from the...

9.8CVSS7.1AI score0.01813EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/08 12:0 a.m.7 views

Veritas Enterprise Vault Code Issue Vulnerability (CNVD-2021-95589)

Veritas Enterprise Vault is an enterprise-grade file protection, archiving automation software from Veritas, USA. A security vulnerability exists in Veritas Enterprise Vault 14.1.2 and prior versions where the Enterprise Vault application starts multiple services that listen for commands from the...

9.8CVSS7.1AI score0.01813EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/12/06 12:0 a.m.5 views

Veritas Enterprise Vault 代码问题漏洞

Veritas Enterprise Vault is an enterprise-grade file protection, archiving automation software from Veritas, USA. A security vulnerability exists in Veritas Enterprise Vault 14.1.2 and prior versions where the Enterprise Vault application starts multiple services that listen for commands from the...

9.8CVSS5.8AI score0.01813EPSS
Exploits0References5
CNNVD
CNNVD
added 2020/12/09 12:0 a.m.8 views

Git Authorization Problem Vulnerability

Git is a free, open source distributed version control system. Git version 1.7.3 suffers from an authorization issue vulnerability that stems from the ability to use passwords for unexpected resources. In order to exploit, a user must perform a git pull operation, decrypt the password, and use th...

7.5CVSS7.1AI score0.00586EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/09/02 12:0 a.m.22 views

Fedora: Security Advisory for eclipse-remote (FEDORA-2020-cf8ef2f333)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS8.7AI score0.1074EPSS
Exploits0References2
Fedora
Fedora
added 2020/08/31 3:50 p.m.41 views

[SECURITY] Fedora 32 Update: eclipse-remote-3.0.1-6.fc32

Remote Services provides an extensible remote services framework...

9.4CVSS2.7AI score0.11138EPSS
Exploits0
Fedora
Fedora
added 2020/08/31 3:50 p.m.28 views

[SECURITY] Fedora 32 Update: eclipse-ecf-3.14.8-4.fc32

ECF is a set of frameworks for building communications into applications and services. It provides a lightweight, modular, transport-independent, fully compliant implementation of the OSGi Remote Services standard...

9.4CVSS2.8AI score0.11138EPSS
Exploits0
CNVD
CNVD
added 2020/02/11 12:0 a.m.3 views

Nextcloud server server-side request forgery vulnerability

Nextcloud is a client-server software suite for creating network hard disks. A server-side request forgery vulnerability exists in Nextcloud Server 16.0.1. An attacker could use this vulnerability to detect local and remote services when adding a new subscription in the Calendar application...

5CVSS6.7AI score0.01287EPSS
Exploits1References1
OSV
OSV
added 2020/02/05 4:15 p.m.3 views

CVE-2019-16203

Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client...

7.5CVSS7.2AI score0.01383EPSS
Exploits0References2
OSV
OSV
added 2020/02/04 8:15 p.m.36 views

CVE-2020-8118

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application...

5CVSS6.5AI score0.01287EPSS
Exploits1References4
NVD
NVD
added 2020/02/04 8:15 p.m.18 views

CVE-2020-8118

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application...

5CVSS5.8AI score0.01287EPSS
Exploits1References4
Prion
Prion
added 2020/02/04 8:15 p.m.25 views

Server side request forgery (ssrf)

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application...

4CVSS5AI score0.01287EPSS
Exploits1References4Affected Software3
Nextcloud
Nextcloud
added 2019/07/04 12:0 a.m.31 views

Server-Side request forgery in New-Subscription feature of the calendar app (NC-SA-2019-014)

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application...

4CVSS2.5AI score0.01287EPSS
Exploits1Affected Software1
OSV
OSV
added 2018/10/18 10:29 p.m.3 views

CVE-2018-15765

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication token...

5.5CVSS5.8AI score0.00442EPSS
Exploits0References3
Prion
Prion
added 2018/10/18 10:29 p.m.16 views

Information disclosure

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication token...

2.1CVSS5.8AI score0.00442EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2018/10/18 10:29 p.m.17 views

CVE-2018-11080

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially...

7.8CVSS7.3AI score0.00368EPSS
Exploits0References3
Prion
Prion
added 2018/10/18 10:29 p.m.17 views

Design/Logic Flaw

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain...

2.1CVSS7.7AI score0.00372EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2018/10/18 10:29 p.m.22 views

CVE-2018-11079

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain...

7.8CVSS6.3AI score0.00372EPSS
Exploits0References3
Rows per page
Query Builder