Lucene search
+L

5452 matches found

openvas
openvas
added 2009/10/13 12:0 a.m.16 views

Solaris Update for Native LDAP, PAM, name-service-switch 138874-05

Check for the Version of Native LDAP, PAM, name-service-switch OpenVAS Vulnerability Test Solaris Update for Native LDAP, PAM, name-service-switch 138874-05 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software;...

7.4AI score
Exploits0References2
osv
osv
added 2009/10/06 5:30 p.m.1 views

DEBIAN-CVE-2009-3564

puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files...

4.7CVSS6.6AI score0.00377EPSS
Exploits1References1
fedora
fedora
added 2009/09/15 7:41 a.m.21 views

[SECURITY] Fedora 10 Update: kdebase-workspace-4.3.1-1.fc10

The KDE Workspace consists of what is the desktop of the KDE Desktop Environment. This package contains: khotkeys a hotkey daemon klipper a cut & paste history utility kmenuedit the menu editor krandrtray resize and rotate X screens krunner a command run interface ksysguard a performance monitor...

7.5CVSS1AI score0.01257EPSS
Exploits0
oraclelinux
oraclelinux
added 2009/09/08 12:0 a.m.44 views

cman security, bug fix, and enhancement update

2.0.115-1 - RSA II fencing agent has been fixed. - Resolves: rhbz493802 2.0.114-1 - local variable 'verbosefilename' referenced before assignment has been fixed - RSA II fencing agent has been fixed. - Resolves: rhbz493802 rhbz514758 2.0.113-1 - Limitations with 2-node fencescsi are now properly...

6.9CVSS7AI score0.0039EPSS
Exploits0
threatpost
threatpost
added 2009/09/02 3:55 p.m.13 views

Alex Howard on Compliance, Breach Notification and the Rockefeller Bill

Dennis Fisher talks with Alex Howard, associate editor of Searchcompliance.com, about the burden compliance places on security staffs, the growing tide of breach notification laws and the misunderstandings surrounding the Rockefeller bill and the Internet kill switch. Download Subscribe to the...

2.8AI score
Exploits0References5
metasploit
metasploit
added 2009/07/01 3:57 a.m.19 views

3Com SuperStack Switch Denial of Service

This module causes a temporary denial of service condition against 3Com SuperStack switches. By sending excessive data to the HTTP Management interface, the switch stops responding temporarily. The device does not reset. Tested successfully against a 3300SM firmware v2.66. Reported to affect...

7.1CVSS6.9AI score0.39064EPSS
Exploits2
nvd
nvd
added 2009/05/27 4:30 p.m.13 views

CVE-2009-1474

The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not 1 encrypt mouse events, which makes it easier for man-in-the-middle attackers to perform mouse operations on machines connected to the switch by injecting network traffic; and do not 2 s...

7.6CVSS6.5AI score0.01684EPSS
Exploits0References4
nvd
nvd
added 2009/05/27 4:30 p.m.34 views

CVE-2009-1473

The 1 Windows and 2 Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to a decrypt network traffi...

10CVSS6.7AI score0.03191EPSS
Exploits0References4
prion
prion
added 2009/05/27 4:30 p.m.13 views

Input validation

The 1 Windows and 2 Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to a decrypt network traffi...

10CVSS7.3AI score0.03191EPSS
Exploits0References4Affected Software2
prion
prion
added 2009/05/27 4:30 p.m.22 views

Hardcoded credentials

The https web interfaces on the ATEN KH1516i IP KVM switch with firmware 1.0.063, the KN9116 IP KVM switch with firmware 1.1.104, and the PN9108 power-control unit have a hardcoded SSL private key, which makes it easier for remote attackers to decrypt https sessions by extracting this key from...

10CVSS7.3AI score0.02146EPSS
Exploits0References3Affected Software2
prion
prion
added 2009/05/27 4:30 p.m.16 views

Hardcoded credentials

The Java client program for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 has a hardcoded AES encryption key, which makes it easier for man-in-the-middle attackers to 1 execute arbitrary Java code, or 2 gain access to machines connected to...

10CVSS7.9AI score0.01065EPSS
Exploits0References2Affected Software2
cvelist
cvelist
added 2009/05/27 4:0 p.m.45 views

CVE-2009-1473

The 1 Windows and 2 Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to a decrypt network traffi...

6.7AI score0.03191EPSS
Exploits0References4
cvelist
cvelist
added 2009/05/27 4:0 p.m.17 views

CVE-2009-1474

The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not 1 encrypt mouse events, which makes it easier for man-in-the-middle attackers to perform mouse operations on machines connected to the switch by injecting network traffic; and do not 2 s...

6.5AI score0.01684EPSS
Exploits0References4
cve
cve
added 2009/05/27 4:0 p.m.82 views

CVE-2009-1474

The CVE-2009-1474 issue affects ATEN KH1516i (firmware 1.0.063) and KN9116 (firmware 1.1.104). It states that mouse events are not encrypted and the session cookie is not marked Secure in HTTPS, enabling potential man-in-the-middle abuse and cookie interception over HTTP. Connected sources confir...

7.6CVSS6.8AI score0.01684EPSS
Exploits0References4Affected Software2
cve
cve
added 2009/05/27 4:0 p.m.62 views

CVE-2009-1473

The CVE-2009-1473 entry affects ATEN KH1516i (firmware 1.0.063) and KN9116 (firmware 1.1.104). The root cause is an insecure RSA-based handling of the symmetric session-key negotiation in the Windows/Java clients, enabling a remote attacker to decrypt traffic or perform MITM by replaying client-s...

10CVSS6.9AI score0.03191EPSS
Exploits0References4Affected Software2
cve
cve
added 2009/05/27 4:0 p.m.54 views

CVE-2009-1472

Affected products: ATEN KH1516i IP KVM Switch (browser firmware 1.0.063) and ATEN KN9116 IP KVM Switch (firmware 1.1.104). Vulnerability summary: The Java client program used to connect to these switches contains a hardcoded AES encryption key in the client, enabling a man-in-the-middle attacker ...

10CVSS7.6AI score0.01065EPSS
Exploits0References2Affected Software2
openvas
openvas
added 2009/05/13 12:0 a.m.11 views

Sendmail / Sendmail Switch / SMI Sendmail / Sendmail UCB SMTP Server Detection (SMTP)

SMTP based detection of Sendmail / Sendmail Switch / SMI Sendmail / Sendmail UCB. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3AI score
Exploits0References1
openvas
openvas
added 2009/04/09 12:0 a.m.43 views

Mandriva Update for kernel MDKSA-2007:171 (kernel)

Check for the Version of kernel OpenVAS Vulnerability Test Mandriva Update for kernel MDKSA-2007:171 kernel Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

7.8CVSS0.7AI score0.05035EPSS
Exploits0References2
oraclelinux
oraclelinux
added 2009/04/01 12:0 a.m.84 views

kernel security and bug fix update

2.6.18-128.1.6.0.1.el5 - NET Add entropy support to e1000 and bnx2 John Sobecki,Guru Anbalagane orabug 6045759 - MM shrink zone patch John Sobecki,Chris Mason orabug 6086839 - NET Add xen pv/bonding netconsole support Tina yang orabug 6993043 bz 7258 - nfs convert ENETUNREACH to ENOTCONN Guru...

7.1CVSS0.2AI score0.04623EPSS
Exploits8
cvelist
cvelist
added 2009/03/24 7:0 p.m.19 views

CVE-2009-1064

Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method...

7AI score0.03721EPSS
Exploits1References4
Rows per page
Query Builder