Lucene search
K

134 matches found

Cvelist
Cvelist
added 2023/12/05 1:54 p.m.56 views

CVE-2022-24403 De-anonymization attack in TETRA

The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK Class 2 networks or CCK Class 3 networks. The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt arbitrary identities given on...

4.3CVSS5.1AI score0.00113EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/08/09 12:0 a.m.5 views

Clario VPN client security vulnerability

Clario VPN client is a VPN client for Mac from Clario. A security vulnerability exists in Clario VPN client macOS version 5.9.1.1662, which originates when the VPN client insecurely configures the operating system so that all IP traffic that gets to the VPN server's IP address is sent outside the...

6.3CVSS6.7AI score0.00311EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/06/19 12:0 a.m.5 views

Dominion Voting Systems ImageCast X 安全特征问题漏洞

Dominion Voting Systems ImageCast X is an intuitive and configurable face-to-face voting solution from Dominion Voting Systems. A security vulnerability exists in Dominion Voting Systems ImageCast Precinct and ImageCast Evolution, which stems from a flaw in the pseudo-random number generator that...

2.4CVSS4.9AI score0.00359EPSS
Exploits0References5
Prion
Prion
added 2023/03/31 7:15 p.m.19 views

Design/Logic Flaw

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users...

4CVSS4.8AI score0.00436EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/31 12:0 a.m.5 views

CVE-2023-29137

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users...

6.9AI score0.00436EPSS
Exploits0References1
CVE
CVE
added 2023/03/31 12:0 a.m.64 views

CVE-2023-29137

Summary: CVE-2023-29137 concerns the GrowthExperiments extension for MediaWiki (up to 1.39.3). The UserImpactHandler inadvertently returns the timezone preference for arbitrary users, enabling potential de-anonymization. The issue is rooted in the extension’s handling of user data (timezone prefe...

4.3CVSS4.7AI score0.00436EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.7 views

Debian: Security Advisory (DLA-650-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References3
CVE
CVE
added 2023/03/06 5:40 p.m.49 views

CVE-2023-25169

CVE-2023-25169 affects the Discourse Yearly Review plugin. In affected versions, a user appearing in a yearly review topic that is later anonymised may still have data linked to the original account. The issue has been patched in commit b3ab33bbf7 and is included in the latest plugin version. Mit...

5.3CVSS4.5AI score0.00439EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2022/07/15 2:53 p.m.38 views

New Cache Side Channel Attack Can De-Anonymize Targeted Online Users

A group of academics from the New Jersey Institute of Technology NJIT has warned of a novel technique that could be used to defeat anonymity protections and identify a unique website visitor. "An attacker who has complete or partial control over a website can learn whether a specific target i.e.,...

6.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/07/14 2:31 p.m.16 views

New Browser De-anonymization Technique

Researchers have a new way to de-anonymize browser users, by correlating their behavior on one account with their behavior on another: The findings, which NJIT researchers will present at the Usenix Security Symposium in Boston next month, show how an attacker who tricks someone into loading a...

2.4AI score
Exploits0
The Hacker News
The Hacker News
added 2022/07/13 11:55 a.m.29 views

U.S. FTC Vows to Crack Down on illegal Use and Sharing of Citizens' Sensitive Data

The U.S. Federal Trade Commission FTC warned this week that it will crack down on tech companies' illegal use and sharing of highly sensitive data and false claims about data anonymization. "While many consumers may happily offer their location data in exchange for real-time crowd-sourced advice ...

0.6AI score
Exploits0
Hacker One
Hacker One
added 2022/02/18 3:44 a.m.37 views

Automattic: De-anonymize anonymous tips through the Tumblr blog network

Hey y’all! 👋 Hope all is well! Summary: I noticed that, if you send an anonymous tip through the Tumblr dashboard, you can be de-anonymized through the notes view on the blog network & maybe elsewhere?. Platforms Affected: All platforms, but requires a blog that is served on the blog network. Ste...

0.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/12/08 1:34 p.m.186 views

Was threat actor KAX17 de-anonymizing the Tor network?

A mysterious threat actor has run thousands of malicious servers in entry, middle, and exit positions of the Tor network. Tracked as KAX17, the threat actor ran at its peak more than 900 malicious servers part of the Tor network, which typically tends to hover around a daily total of up to...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2021/09/29 11:30 a.m.37 views

Kodex - A Privacy And Security Engineering Toolkit: Discover, Understand, Pseudonymize, Anonymize, Encrypt And Securely Share Sensitive And Personal Data: Privacy And Security As Code

Kodex Community Edition - CE is an open-source toolkit for privacy and security engineering. It helps you to automate data security and data protection measures in your data engineering workflows. It offers the following functionality: Read data items from a variety of sources such as files,...

7AI score
Exploits0References2
Schneier on Security
Schneier on Security
added 2021/07/28 11:3 a.m.48 views

De-anonymization Story

This is important: Monsignor Jeffrey Burrill was general secretary of the US Conference of Catholic Bishops USCCB, effectively the highest-ranking priest in the US who is not a bishop, before records of Grindr usage obtained from data brokers was correlated with his apartment, place of work,...

0.1AI score
Exploits0
Kitploit
Kitploit
added 2021/07/16 9:30 p.m.149 views

Kali-Whoami - A Privacy Tool Developed To Keep You Anonymous On Kali Linux At The Highest Level

The purpose of the Whoami tool makes you as anonymous as possible on Kali linux. It is an user friendly with its ease of use and simple interface. It follows two different paths to ensure the highest possible level of anonymity. Finally, don't forget that there is never a hundred percent security...

7AI score
Exploits0References2
OSV
OSV
added 2021/07/15 5:15 p.m.18 views

CVE-2021-32750

MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL...

5.7CVSS6.5AI score
Exploits0References1
NVD
NVD
added 2021/07/15 5:15 p.m.20 views

CVE-2021-32750

MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL...

6.8CVSS0.00842EPSS
Exploits1References1
Prion
Prion
added 2021/07/15 5:15 p.m.13 views

Design/Logic Flaw

MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL...

3.5CVSS5.4AI score0.00842EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/07/15 4:35 p.m.23 views

CVE-2021-32750 De-anonymization via message

MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL...

6.8CVSS6.6AI score0.00842EPSS
Exploits1References1
Rows per page
Query Builder