Lucene search
K

97 matches found

Tenable Nessus
Tenable Nessus
added 2021/11/19 12:0 a.m.262 views

Ubuntu 21.10 : Thunderbird vulnerabilities (USN-5152-1)

The remote Ubuntu 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5152-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker...

10CVSS7.8AI score0.0383EPSS
Exploits0References6
OSV
OSV
added 2021/07/17 6:5 p.m.2 views

OPENSUSE-SU-2021:1050-1 Security update for fossil

This update for fossil fixes the following issues: fossil 2.16: Add the fossil patch command Improve the fossil ui command to work on check-out directories and remote machines web UI improvements Add fossil bisect run command for improved automation of bisects Improve fossil merge handling of...

7AI score
Exploits0References2
OSV
OSV
added 2021/05/04 6:56 a.m.8 views

SUSE-SU-2021:1472-1 Security update for ceph, deepsea

This update for ceph, deepsea fixes the following issues: - ceph was updated to 14.2.20-402-g6aa76c6815: CVE-2021-20288: Fixed unauthorized globalid reuse bsc1183074. CVE-2020-25678: Do not add sensitive information in Ceph log files bsc1178905. CVE-2020-27839: Use secure cookies to store JWT Tok...

7.2CVSS5.8AI score0.02449EPSS
Exploits0References23
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/08 6:45 p.m.40 views

Security Bulletin: Vulnerability in IBM Java SDK affect IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-7575)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM Spectrum Scale RAID/IBM GPFS Native RAID. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details CVEID:...

5.9CVSS0.2AI score0.0288EPSS
Exploits0Affected Software1
NVD
NVD
added 2020/07/09 5:15 p.m.11 views

CVE-2020-15526

In Redgate SQL Monitor 7.1.4 through 10.1.6 inclusive, the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration Notifications pages to disable certificate checking for alert notifications. These TLS security checks are als...

5.9CVSS0.00499EPSS
Exploits0References1
Prion
Prion
added 2020/07/09 5:15 p.m.16 views

Code injection

In Redgate SQL Monitor 7.1.4 through 10.1.6 inclusive, the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration Notifications pages to disable certificate checking for alert notifications. These TLS security checks are als...

4.3CVSS5.9AI score0.00499EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/07/09 4:40 p.m.52 views

CVE-2020-15526

CVE-2020-15526 affects Redgate SQL Monitor versions 7.1.4 through 10.1.6, where the scope for disabling TLS certificate checks could extend beyond the intended Configuration > Notifications, also affecting VMware monitoring. This allows potential man-in-the-middle attacks when sending alert no...

5.9CVSS5.9AI score0.00499EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/07/09 4:40 p.m.13 views

CVE-2020-15526

In Redgate SQL Monitor 7.1.4 through 10.1.6 inclusive, the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration Notifications pages to disable certificate checking for alert notifications. These TLS security checks are als...

5.9AI score0.00499EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2019/06/03 7:49 a.m.7 views

Exploit for Use After Free in Microsoft

detectbluekeep.py Python script to detect bluekeep vulnerabil...

10CVSS8.6AI score0.99999EPSS
Exploits123
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 1:6 p.m.20 views

Security Bulletin: Vulnerabilities in IBM Java Runtime affect Watson Explorer, Watson Content Analytics, and OmniFind Enterprise Edition (CVE-2015-7575, CVE-2015-4872)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition that is used by Watson Explorer, Watson Content Analytics, and OmniFind Enterprise Edition. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security...

5.9CVSS0.6AI score0.03703EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:1 a.m.52 views

Security Bulletin: OpenSSL vulnerabilities for Rational Automation Framework Security Advisory (CVE-2015-0204)

Summary A vulnerability in the OpenSSL ssl3getkeyexchange function could allow a remote attacker to downgrade the security of certain TLS connections. An OpenSSL client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using...

4.3CVSS1.4AI score0.98685EPSS
Exploits0Affected Software1
Qualys Blog
Qualys Blog
added 2018/06/06 4:0 p.m.51 views

The Digital Transformation Age Is Dawning: Do You Know Where Your Certificates Are?

How many digital certificates are in use in your organization? When do they expire? Do you have a way of discovering digital certificates from unapproved Certificate Authorities? Most organizations can't answer these questions with complete certainty, because they lack the necessary visibility an...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2018/03/08 4:49 a.m.32 views

CVE-2018-1069

GlusterFS and NFS network filesystems rely on File System User ID and Group ID information in order to restrict access to file shares. However, it's possible to overwrite the Openshift restrictions on container UserId and GroupdId as they are not validated before being sent over the Openshift...

7.1CVSS0.2AI score0.0061EPSS
Exploits0References1
Schneier on Security
Schneier on Security
added 2017/12/28 12:30 p.m.54 views

The "Extended Random" Feature in the BSAFE Crypto Library

Matthew Green wrote a fascinating blog post about the NSA's efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSA's backdoor into the DUALECPRNG random number generator to weaken TLS...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2017/11/16 7:10 p.m.12 views

SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)

A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based...

7.5CVSS6.8AI score0.95707EPSS
Exploits7References7
Kitploit
Kitploit
added 2017/09/30 9:0 p.m.27 views

CipherScan - Find out which SSL ciphersuites are supported by a target

Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL and TLS. It also extracts some certificates informations, TLS options, OCSP stapling and more. Cipherscan is a wrapper above the openssl sclient command line. Cipherscan is meant to run on all...

7.2AI score
Exploits0References2
EUVD
EUVD
added 2017/05/04 7:0 p.m.3 views

EUVD-2017-12848

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; user...

7.5CVSS6.7AI score0.57595EPSS
Exploits1References28
ThreatPost
ThreatPost
added 2017/03/17 6:0 a.m.10 views

US-CERT Warns HTTPS Inspection May Degrade TLS Security

Recent academic work looking at the degradation of security occurring when HTTPS inspection tools are sitting in TLS traffic streams has been escalated by an alert published Thursday by the Department of Homeland Security. DHS’ US-CERT warned enterprises that running standalone inspection...

7AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/03/03 12:0 a.m.41 views

Fedora 24 : 1:xrdp (2017-05e32fe278)

WARNING: Please note that this update comes with a slightly different syntax of sesman.ini file, so if you edited this file by hand, you may need to look at the .rpmnew file and merge any required changes by hand. This release also creates three files in /etc/xrdp directory if they don't already...

9.8CVSS6.9AI score0.01326EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/02/24 12:0 a.m.45 views

Fedora 25 : 1:xrdp (2017-8fffbae8af)

WARNING: Please note that this update comes with a slightly different syntax of sesman.ini file, so if you edited this file by hand, you may need to look at the .rpmnew file and merge any required changes by hand. This release also creates three files in /etc/xrdp directory if they don't already...

9.8CVSS6.9AI score0.01326EPSS
Exploits0References2
Rows per page
Query Builder