Lucene search
+L

446 matches found

Prion
Prion
added 2018/12/03 10:29 p.m.19 views

Design/Logic Flaw

An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic...

7.5CVSS9.3AI score0.01273EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/12/03 10:29 p.m.4 views

CVE-2018-14708

An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic...

9.8CVSS5.8AI score0.01273EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/12/03 10:0 p.m.29 views

CVE-2018-14708

An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic...

9.5AI score0.01273EPSS
Exploits1References1
Prion
Prion
added 2018/11/02 5:29 p.m.22 views

Buffer overflow

An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability...

6.8CVSS8.2AI score0.02655EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/11/02 5:0 p.m.21 views

CVE-2018-3892

An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability...

9.6CVSS8.3AI score0.02655EPSS
Exploits1References1
CVE
CVE
added 2018/11/02 5:0 p.m.57 views

CVE-2018-3892

CVE-2018-3892 affects Yi Home Camera 27US, 1.8.7.0D. Time-sync code path (yi_sync_time) contains a buffer overflow in the parsing of the response, triggered by specially crafted HTTP content, leading to remote code execution. The vulnerable routine relies on a stack-allocated buffer and unbounded...

9.6CVSS8.2AI score0.02655EPSS
Exploits1References1Affected Software1
Talos
Talos
added 2018/10/31 12:0 a.m.526 views

Yi Technology Home Camera 27US TimeSync Code Execution Vulnerability

Summary An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability...

9.6CVSS8.3AI score0.02655EPSS
Exploits1
Schneier on Security
Schneier on Security
added 2018/10/24 11:0 a.m.86 views

China's Hacking of the Border Gateway Protocol

This is a long -- and somewhat technical -- paper by Chris C. Demchak and Yuval Shavitt about China's repeated hacking of the Internet Border Gateway Protocol BGP: "China's Maxim ­ Leave No Access Point Unexploited: The Hidden Story of China Telecom's BGP Hijacking." BGP hacking is how large...

0.7AI score
Exploits0
OSV
OSV
added 2018/10/18 6:6 p.m.19 views

GHSA-W4G2-9HJ6-5472 Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit...

5.9CVSS5.3AI score0.01268EPSS
Exploits0References3
Hacker One
Hacker One
added 2018/10/12 9:3 p.m.259 views

U.S. Dept Of Defense: Unencrypted __VIEWSTATE parameter in a DoD website

Hi there i realise that the information passing to the server in the subdomain http://████████ can be seen without any encryption thought the VIEWSTATE Parameter. To reduce the change of someone interception the information the parameter should be encrypted due to the sensivity of the information...

6.8AI score
Exploits0
OSV
OSV
added 2018/09/17 8:29 p.m.8 views

CVE-2017-2856

An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue...

8.1CVSS6AI score0.0166EPSS
Exploits2References1
NVD
NVD
added 2018/09/14 8:29 p.m.16 views

CVE-2018-11087

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit...

5.9CVSS5.4AI score0.01268EPSS
Exploits0References1
Debian
Debian
added 2018/05/25 9:2 p.m.52 views

[SECURITY] [DSA 4211-1] xdg-utils security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4211-1 [email protected] https://www.debian.org/security/ Luciano Bello May 25, 2018 https://www.debian.org/security/faq -...

6.8CVSS2AI score0.02493EPSS
Exploits0
The Hacker News
The Hacker News
added 2018/04/04 2:47 p.m.289 views

Critical flaw leaves thousands of Cisco Switches vulnerable to remote hacking

Security researchers at Embedi have disclosed a critical vulnerability in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to execute arbitrary code, take full control over the vulnerable network equipment and intercept traffic. The stack-based...

10CVSS10.2AI score0.99512EPSS
Exploits2
Prion
Prion
added 2017/11/07 4:29 p.m.12 views

Design/Logic Flaw

An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability...

5.8CVSS8.6AI score0.00805EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2017/11/07 4:29 p.m.16 views

Design/Logic Flaw

An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability...

7.9CVSS7.5AI score0.00556EPSS
Exploits1References1Affected Software1
Carbon Black Blog
Carbon Black Blog
added 2017/10/18 4:24 p.m.28 views

Recent Wi-Fi KRACK Vulnerability Affects Almost Everyone With an Endpoint

A vulnerability might allow cyber criminals to intercept data being transmitted between Wi-Fi access points and endpoints, recent research has uncovered. The vulnerability, known as KRACK, short for Key Reinstallation Attacks, affects WPA2, which is widely used by many Wi-Fi enabled devices and c...

7.4AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2017/10/18 12:0 a.m.7 views

The vulnerability of the WPA2 protocol, which stems from errors in managing the cryptographic keys, allows unauthorized access to encrypted information transmitted over a wireless network.

The vulnerability of the WPA2 protocol, which provides security for wireless Wi-Fi networks, is related to errors in the management of cryptographic keys. Exploiting this vulnerability allows a perpetrator within the range of a Wi-Fi network to gain access to encrypted information transmitted ove...

7.9CVSS7AI score0.0207EPSS
Exploits0References23Affected Software39
Malwarebytes
Malwarebytes
added 2017/10/17 4:44 p.m.55 views

Release the KRACKen: flaw in Wi-Fi security leaves users vulnerable

A serious flaw in the wireless protocol that secures all modern protected Wi-Fi networks has been discovered. How serious? If your device supports Wi-Fi, it is most likely affected. This feasible attack, dubbed KRACK, could abuse design or implementation flaws in the Wi-Fi standard, not some...

6.9AI score
Exploits0
CNVD
CNVD
added 2017/10/10 12:0 a.m.6 views

Security Bypass Vulnerabilities in Multiple Cisco Products

Cisco Nexus 7000 Series Switches and so on are the products of the United States Cisco Cisco.Cisco Nexus 7000 Series Switches are 7000 series switches; Cisco Adaptive Security Appliance ASA, Adaptive Security Appliance The Cisco Nexus 7000 Series Switches are 7000 series switches; the Cisco...

4.2CVSS5.8AI score0.01693EPSS
Exploits0References1
Rows per page
Query Builder