Lucene search
K

115 matches found

Positive Technologies
Positive Technologies
added 2022/09/29 12:0 a.m.9 views

PT-2022-21780 · Unknown · Go-Resolver

Name of the Vulnerable Software and Affected Versions: go-resolver affected versions not specified Description: The issue is related to incorrect DNSSEC validation. An attacker can cause the package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG...

7.7CVSS6.1AI score0.00227EPSS
Exploits0References8
The Hacker News
The Hacker News
added 2022/08/29 10:6 a.m.35 views

A CISO's Ultimate Security Validation Checklist

If you're heading out of the office on a well-deserved vacation, are you certain the security controls you have in place will let you rest easy while you're away? More importantly – do you have the right action plan in place for a seamless return? Whether you're on the way out of – or back to – t...

Exploits0
Veracode
Veracode
added 2022/04/30 4:23 p.m.48 views

Information Disclosure

curl is vulnerable to information disclosure. The vulnerability exists due to improper security validations which allows an attacker to gain access to credentials of other servers...

5.7CVSS4.5AI score0.01595EPSS
Exploits1References6Affected Software4
Tenable Nessus
Tenable Nessus
added 2022/04/20 12:0 a.m.80 views

Windows LSA Protection Status

The LSA Protection validates users for local and remote sign-ins and enforces local security policies to prevent reading memory and code injection by non-protected processes. This provides added security for the credentials that the LSA stores and manages. This protects against Pass-the-Hash or...

5.7AI score
Exploits0References1
Hacker One
Hacker One
added 2022/02/24 5:31 p.m.30 views

HackerOne: Private invitation links/tokens leak to third-party analytics site

Summary: Private invite links are normally FILTERED before sending to third-party analytics sites. But it is seen that in few cases where the invitation link that requires users to accept NDA policy, the private invitation links are still sent to third party analytics site. Steps to reproduce 1...

1AI score
Exploits0
NVD
NVD
added 2021/11/15 5:15 a.m.31 views

CVE-2021-43620

An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::fromptr on a pointer to the string buffer, the string ...

7.5CVSS0.01314EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/11/15 4:16 a.m.28 views

CVE-2021-43620

An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::fromptr on a pointer to the string buffer, the string ...

7.5AI score0.01314EPSS
Exploits1References3
NVD
NVD
added 2021/09/08 12:15 p.m.20 views

CVE-2021-1929

Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...

6.2CVSS0.0015EPSS
Exploits0References1
Veracode
Veracode
added 2021/08/06 8:24 a.m.27 views

Privilege Escalation

libapache2-mod-auth-openidc is vulnerable to privilege escalation. The vulnerability exists due to oidcvalidateredirecturl does not parse URLs the same way as most browsers...

6.1CVSS4.6AI score0.02364EPSS
Exploits1References12Affected Software2
Vulnrichment
Vulnrichment
added 2021/02/24 7:30 p.m.11 views

CVE-2021-1228 Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability

A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the...

7.4CVSS6.8AI score0.00373EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/02/24 7:30 p.m.23 views

CVE-2021-1228 Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability

A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the...

7.4CVSS7.6AI score0.00373EPSS
Exploits0References1
NVD
NVD
added 2021/02/22 7:15 a.m.19 views

CVE-2020-11177

User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon...

8.8CVSS0.00161EPSS
Exploits0References1
ArchLinux
ArchLinux
added 2021/02/07 12:0 a.m.152 views

[ASA-202102-22] helm: insufficient validation

Arch Linux Security Advisory ASA-202102-22 ========================================== Severity: Low Date : 2021-02-07 CVE-ID : CVE-2021-21303 Package : helm Type : insufficient validation Remote : No Link : https://security.archlinux.org/AVG-1539 Summary ======= The package helm before version...

6.8CVSS0.1AI score0.0103EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2021/01/04 4:19 p.m.24 views

CVE-2020-25275

Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts...

7.5CVSS7.1AI score0.0466EPSS
Exploits1
Veracode
Veracode
added 2020/12/22 4:41 a.m.36 views

Insecure XML Parsing

github.com/crewjam/saml does not perform secure XML parsing. An attacker is able to forge part of a signed XML document due to a lack of validation...

9.8CVSS3.2AI score0.04872EPSS
Exploits1References9Affected Software2
Prion
Prion
added 2020/11/12 10:15 a.m.20 views

Integer overflow

u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...

7.2CVSS8AI score0.00199EPSS
Exploits0References1
OSV
OSV
added 2020/10/27 9:15 p.m.9 views

CVE-2020-3864

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin...

7.8CVSS8.1AI score
Exploits0References6
The Hacker News
The Hacker News
added 2020/09/28 11:6 a.m.6 views

Red Team — Automation or Simulation?

What is the difference between a penetration test and a red team exercise? The common understanding is that a red team exercise is a pen-test on steroids, but what does that mean? While both programs are performed by ethical hackers, whether they are in-house residents or contracted externally, t...

6AI score
Exploits0
CNVD
CNVD
added 2020/07/24 12:0 a.m.3 views

Binary Vulnerability in Siemens PLC at Siemens (China) Co.

Siemens is a global technology company that provides solutions for customers in the areas of power generation and transmission and distribution, infrastructure, industrial automation, drives and software with innovations in electrification, automation and digitalization. A binary vulnerability...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2020/02/26 5:7 a.m.96 views

Internet Bug Bounty: DirectoryIterator class silently truncates after a null byte

The bug submitted at: https://bugs.php.net/bug.php?id=78863 The security advisory at: https://nvd.nist.gov/vuln/detail/CVE-2019-11045 There's an issue with SPL PHP extension on splfilesystemobjectconstruct function. When creating a new DirectoryIterator object splfilesystemobjectconstruct functio...

4.3CVSS7.3AI score0.08818EPSS
Exploits1
Rows per page
Query Builder