437 matches found
Utimaco SecurityServer Security Vulnerability
Utimaco SecurityServer is an application chip from Utimaco, Germany. It provides a general-purpose hardware security module that secures encryption key material for servers and applications. A security vulnerability exists in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0, which can be exploited by...
Vulnerability of the Server component: Security: Encryption of the MySQL Server database management system, which allows attackers to cause service interruptions.
The vulnerability of the MySQL Server component’s Security: Encryption module is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...
Jupyter Login Utility
This module checks if authentication is required on a Jupyter Lab or Notebook server. If it is, this module will bruteforce the password. Jupyter only requires a password to authenticate; usernames are not used. This module is compatible with versions 4.3.0 released 2016-12-08 and newer. Module...
DEBIAN-CVE-2020-10751
A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages...
CVE-2020-13397
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value...
Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted...
CVE-2020-11051
In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown editor, could inject an XSS payload into the content. If another editor, also with write access, loads the same page into the Markdown editor, the XSS payload will be...
Huawei NIP6800, Secospace USG6600 and USG9500 IPSec Module Out-of-Bounds Read Vulnerability
Huawei USG9500 and others are products of Huawei, China. USG9500 is a data center firewall product. NIP6800 is an intrusion prevention system. USG6600 is a data center firewall product. A security vulnerability exists in the IPSec module in the Huawei NIP6800, Secospace USG6600, and USG9500. An...
DNSSEC Keysigning Ceremony Postponed Because of Locked Safe
Interesting collision of real-world and Internet security: The ceremony sees several trusted internet engineers (a minimum of three and up to seven) from across the world descend on one of two secure locations -- one in El Segundo, California, just south of Los Angeles, and the other in Culpeper,...
The vulnerability of the openregion.security module of the “Open Region” platform, which arises due to insufficient validation of input data, allows attackers to execute arbitrary code or carry out cross-site scripting attacks.
The vulnerability of the “Open Region” platform exists due to insufficient verification of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or perform a cross-site scripting attack by uploading files with extensions .pht, .php7, .php5, .php3, .php4,...
CVE-2019-17302
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user...
CVE-2019-16236
Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala...
Cisco Adaptive Security Appliance - Path Traversal Exploit
Exploit for hardware platform in category web applications require 'msf/core' class MetasploitModule "Cisco Adaptive Security Appliance - Path Traversal", 'Description' = %q Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow an...
Cisco Adaptive Security Appliance - Path Traversal (Metasploit)
require 'msf/core' class MetasploitModule "Cisco Adaptive Security Appliance - Path Traversal", 'Description' = %q Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without...
CVE-2019-7614
A race condition flaw was found in the response headers that Elasticsearch versions before 7.2.1 and 6.8.2 return to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to a response header containing sensitive data from another user...
Siemens SCALANCE S627-2M Security module
Binary data 764598.prm...
Siemens SCALANCE S623 Security module
Binary data 764597.prm...
Hacking Hardware Security Modules
Security researchers Gabriel Campana and Jean-Baptiste Bédrune are giving a hardware security module (HSM) talk at BlackHat in August: This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major banks and large cloud service providers. It wi...