Lucene search
K

158 matches found

BDU FSTEC
BDU FSTEC
added 2020/02/11 12:0 a.m.7 views

The vulnerability of the OSSL Module web server of the Oracle HTTP Server and the SSL API component of the Oracle Security Service, which allows a hacker to cause a service failure.

The vulnerability of the OSSL Module web server of the Oracle HTTP Server and the SSL API component of the Oracle Security Service is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service failures using the HTTPS protocol...

5.3CVSS6.2AI score0.01489EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2019/07/03 4:15 p.m.31 views

CVE-2018-11421

Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to...

9.8CVSS9.3AI score0.00906EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2019/07/02 7:47 a.m.1 views

Firefox to Automatically Trust OS-Installed CA Certificates to Prevent TLS Errors

Mozilla has finally introduced a mechanism to let Firefox browser automatically fix certain TLS errors, often triggered when antivirus software installed on a system tries to intercept secure HTTPS connections. Most Antivirus software offers web security feature that intercepts encrypted HTTPS...

6.6AI score
Exploits0
FreeBSD Advisory
FreeBSD Advisory
added 2019/05/14 12:0 a.m.30 views

FreeBSD-SA-19:03.wpa

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:03.wpa Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in hostapd and wpasupplicant Category: contrib Module: wpa Announced: 2019-05-14...

8.1CVSS7AI score0.05372EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/04/25 12:0 a.m.10 views

The vulnerability of the ISAKMP discriver in the Wireshark traffic analyzer program, related to the swapping of the zero pointer, allows a hacker to trigger a service failure.

The vulnerability of the ISAKMP discriver in the Wireshark traffic analyzer program is related to the assignment of a zero pointer. Exploiting this vulnerability allows a malicious actor to cause a service failure using a specially crafted trace file...

5.5CVSS6.2AI score0.00765EPSS
Exploits1References5Affected Software2
RedHat Linux
RedHat Linux
added 2019/04/16 2:49 p.m.99 views

Important: Red Hat Security Advisory: mod_auth_mellon security and bug fix update

An update for modauthmellon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.1CVSS6.8AI score0.02969EPSS
Exploits1References4
Schneier on Security
Schneier on Security
added 2019/04/15 7:0 p.m.60 views

Vulnerabilities in the WPA3 Wi-Fi Security Protocol

Researchers have found several vulnerabilities in the WPA3 Wi-Fi security protocol: The design flaws we discovered can be divided in two categories. The first category consists of downgrade attacks against WPA3-capable devices, and the second category consists of weaknesses in the Dragonfly...

1.6AI score
Exploits0
The Hacker News
The Hacker News
added 2019/04/10 6:30 p.m.738 views

Security Flaws in WPA3 Protocol Let Attackers Hack WiFi Password

🔥 Breaking — It has been close to just one year since the launch of next-generation Wi-Fi security standard WPA3 and researchers have unveiled several serious vulnerabilities in the wireless security protocol that could allow attackers to recover the password of the Wi-Fi network. WPA, or Wi-Fi...

5.9CVSS0.6AI score0.03739EPSS
Exploits0
Packet Storm
Packet Storm
added 2019/03/05 12:0 a.m.37 views

Java Debug Wire Protocol Remote Code Execution

!/usr/bin/python Universal JDWP shellifier @hugsy And special cheers to @lanjelot import socket import time import sys import struct import urllib import argparse JDWP protocol variables HANDSHAKE = "JDWP-Handshake" REQUESTPACKETTYPE = 0x00 REPLYPACKETTYPE = 0x80 Command signatures VERSIONSIG = 1...

0.7AI score
Exploits0
Lenovo
Lenovo
added 2018/12/18 3:12 p.m.987 views

WPA2 Protocol Vulnerabilities - US

Lenovo Security Advisory: LEN-17420 Potential Impact: An attacker could manipulate the vulnerability to affect clients through arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames Severity: High Scope of...

5.8CVSS7.4AI score0.04575EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2018/10/09 4:0 p.m.6 views

nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello

A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack...

5.9CVSS7.1AI score0.01496EPSS
Exploits0References6
Veeam
Veeam
added 2018/07/31 12:0 a.m.29 views

How to disable TLS 1.0 with no impact on Veeam ONE functionality

Possible Veeam ONE issues with disabling TLS 1.0 protocol and their resolution plans...

3AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:9 a.m.34 views

Security Bulletin: Vulnerabilities in SSL and TLS protocols affect the IBM FlashSystem V840 (CVE-2011-3389)

Summary SSL and TLS vulnerabilities were disclosed in September 2011. This vulnerability has been referred to as the “BEAST” attack. SSL protocol is used by the IBM FlashSystem V840. Vulnerability Details CVE-ID: CVE-2011-3389 DESCRIPTION: Multiple products could allow a remote attacker to obtain...

4.3CVSS0.4AI score0.73327EPSS
Exploits4Affected Software1
OSV
OSV
added 2018/03/14 5:29 p.m.4 views

CVE-2018-0886

The Credential Security Support Provider protocol CredSSP in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code...

7CVSS7.7AI score0.82334EPSS
Exploits4References7
Palo Alto Networks
Palo Alto Networks
added 2018/01/02 6:9 p.m.522 views

ROBOT attack against PAN-OS

ROBOT is an attack that affects the TLS RSA key exchange and could lead to decryption of captured sessions if the TLS server originally serving said captured session is still alive, vulnerable and using the same private key. PAN-89936 / CVE-2017-17841 While SSL Decryption and GlobalProtect are...

1.2AI score0.02408EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2017/11/02 7:4 p.m.15 views

SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)

A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based...

7.5CVSS6.8AI score0.95707EPSS
Exploits7References7
BDU FSTEC
BDU FSTEC
added 2017/10/18 12:0 a.m.7 views

The vulnerability of the WPA2 protocol, which stems from errors in managing the cryptographic keys, allows unauthorized access to encrypted information transmitted over a wireless network.

The vulnerability of the WPA2 protocol, which provides security for Wi-Fi wireless networks, is related to errors in the management of cryptographic keys. Exploiting this vulnerability allows a perpetrator within the range of a Wi-Fi network to access encrypted information transmitted over the...

7.9CVSS7AI score0.01807EPSS
Exploits0References23Affected Software38
OSV
OSV
added 2017/10/17 2:29 a.m.2 views

DEBIAN-CVE-2017-13077

Wi-Fi Protected Access WPA and WPA2 allows reinstallation of the Pairwise Transient Key PTK Temporal Key TK during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames...

6.8CVSS6.9AI score0.02388EPSS
Exploits0References1
ICS
ICS
added 2017/05/09 12:0 a.m.58 views

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update C)

CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...

7.1CVSS0.2AI score0.01149EPSS
Exploits0References65
CNVD
CNVD
added 2017/04/03 12:0 a.m.4 views

SECCN User Behavior Management Firewall Has Information Disclosure Vulnerability

SECCN User Behavior Management Firewall is an application gateway firewall based on a security protocol stack. The SECCN User Behavior Management Firewall suffers from an information leakage vulnerability. An attacker can exploit this vulnerability to obtain sensitive server files, posing an...

6.5AI score
Exploits0
Rows per page
Query Builder