Lucene search
K

87 matches found

Tenable Nessus
Tenable Nessus
added 2021/05/18 12:0 a.m.18 views

EulerOS 2.0 SP5 : openssl098e (EulerOS-SA-2021-1908)

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length...

7.5CVSS6.5AI score0.50732EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/08/28 12:0 a.m.26 views

EulerOS 2.0 SP8 : python-rsa (EulerOS-SA-2020-1878)

According to the version of the python-rsa packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g.,...

7.5CVSS7.5AI score0.01359EPSS
Exploits1References2
NVD
NVD
added 2020/06/01 7:15 p.m.19 views

CVE-2020-13757

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...

7.5CVSS7.4AI score0.01359EPSS
Exploits1References5
OSV
OSV
added 2020/06/01 7:15 p.m.35 views

CVE-2020-13757

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...

7.5CVSS7AI score
Exploits0References5
Prion
Prion
added 2020/06/01 7:15 p.m.24 views

Memory corruption

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...

5CVSS7.3AI score0.01359EPSS
Exploits1References5Affected Software3
OSV
OSV
added 2020/06/01 7:15 p.m.32 views

PYSEC-2020-99

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...

7.5CVSS2.3AI score0.01359EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2020/06/01 7:15 p.m.42 views

CVE-2020-13757

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...

7.5CVSS7.1AI score0.01359EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2020/06/01 6:17 p.m.25 views

CVE-2020-13757

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...

7.5CVSS7.5AI score0.01359EPSS
Exploits1
NVD
NVD
added 2020/05/12 6:15 p.m.25 views

CVE-2020-6244

SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the...

7.8CVSS7.1AI score0.00323EPSS
Exploits0References2
Prion
Prion
added 2020/05/12 6:15 p.m.23 views

Code injection

SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the...

4.4CVSS7.5AI score0.00323EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2019/12/11 12:0 a.m.2 views

Unspecified Vulnerability in Siemens XHQ

Siemens XHQ Production Operations Intelligence is Siemens Energy's flagship solution and is widely deployed by the world's largest oil & gas and chemical companies. An unspecified vulnerability exists in Siemens XHQ, which can be exploited by an attacker to cause an application to run in an...

5.4CVSS6.8AI score0.00521EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2019/04/29 2:13 p.m.262 views

Docker Hub Hack Affects 190K Accounts, with Concerning Consequences

UPDATE Docker Hub has confirmed that it was hacked last week; with sensitive data from approximately 190,000 accounts potentially exposed. “On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data,” Kent Lamb, director o...

9CVSS8.7AI score0.99965EPSS
Exploits30References9
Citrix
Citrix
added 2019/03/04 12:0 a.m.9 views

Bidirectional Content Redirection does not work properly with Lingering Session

Repro Steps: 1. Start Internet Explorer on your client machine 2. Type an URL that match with "Allowed URLs to be redirected to VDA" to the address field 3. The local browser is closed automatically when hitting the enter key 4. The published application is started and the redirected URL is opene...

6.8AI score
Exploits0
OSV
OSV
added 2019/02/16 10:34 a.m.4 views

SUSE-SU-2019:0418-1 Security update for python-numpy

This update for python-numpy fixes the following issue: Security issue fixed: - CVE-2019-6446: Set allowpickle to false by default to restrict loading untrusted content bsc1122208. With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing...

9.8CVSS9.7AI score0.17078EPSS
Exploits2References3
OSV
OSV
added 2019/02/12 11:55 a.m.5 views

SUSE-SU-2019:13951-1 Security update for python-numpy

This update for python-numpy fixes the following issues: Security issue fixed: - CVE-2019-6446: Set allowpickle to false by default to restrict loading untrusted content bsc1122208. With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing...

9.8CVSS9.7AI score0.17078EPSS
Exploits2References3
Qualys Blog
Qualys Blog
added 2019/01/09 5:0 p.m.147 views

Container Security Becomes a Priority for Enterprises

Among the IT innovations that businesses are using to digitally transform operations, containers might be the most disruptive and revolutionary. “They’re a real game changer,” Qualys Chief Product Officer Sumedh Thakar said at QSC 2018 in Las Vegas. DevOps teams have embraced containers because...

7.5CVSS0.2AI score0.86978EPSS
Exploits10
Malwarebytes
Malwarebytes
added 2018/11/27 10:44 p.m.74 views

Why Malwarebytes decided to participate in AV testing

Starting this month, Malwarebytes began participating in the antivirus software for Windows comparison test performed by AV-test.org. This is uncharted territory for us, as we have refrained from participating in these types of tests since our inception. Although recent testing results show...

7.2AI score
Exploits0
Prion
Prion
added 2018/05/09 8:29 p.m.13 views

Code injection

SAP MaxDB ODBC driver all versions before 7.9.09.07 allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...

7.5CVSS9.4AI score0.01828EPSS
Exploits0References3Affected Software1
Carbon Black Blog
Carbon Black Blog
added 2018/01/23 11:0 a.m.60 views

Carbon Black & VMware Announce General Availability of Integrated Solution to Secure the SDDC

Securing your software-defined data center SDDC is fundamentally different than securing your end-user computers. Securing the endpoint is no longer enough - attackers have other angles they can take to wreak havoc on your system - but not securing your endpoints would be a big mistake. That’s wh...

6.9AI score
Exploits0
Veracode
Veracode
added 2017/10/29 10:25 p.m.18 views

Modifiable Secondary Configuration Values

cordova-android has modifiable secondary configuration values. If an application is created without explicit values set in the config.xml file, attackers can set these variables by using Intent. Leveraging this, they can change the behavior of the application...

5.3CVSS5.6AI score0.05911EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder