
4774 matches found

IBM Security Bulletins
added 2020/12/03 9:54 a.m. | 74 views

Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Sourcing (CVE-2020-11023, CVE-2020-11022)

Summary jQuery security vulnerabilities affect IBM Emptoris Sourcing. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this...

CVSS 6.9 | AI score 7.2 | EPSS 0.99019
Exploits 11 | Affected Software 1

IBM Security Bulletins
added 2020/12/03 9:52 a.m. | 56 views

Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Contract Management (CVE-2020-11023, CVE-2020-11022)

Summary jQuery security vulnerabilities affect IBM Emptoris Contract Management. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this...

CVSS 6.9 | AI score 7.2 | EPSS 0.99019
Exploits 11 | Affected Software 1

IBM Security Bulletins
added 2020/12/03 9:49 a.m. | 60 views

Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Program Management (CVE-2020-11023, CVE-2020-11022)

Summary jQuery security vulnerabilities affect IBM Emptoris Program Management. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this...

CVSS 6.9 | AI score 7.2 | EPSS 0.99019
Exploits 11 | Affected Software 1

Tenable Nessus
added 2020/12/01 12:0 a.m. | 25 views

Debian DLA-2472-1 : mutt security update

In Mutt, a text-based Mail User Agent, invalid IMAP server responses were not properly handled, potentially resulting in authentication credentials being exposed or man-in-the-middle attacks. For Debian 9 stretch, this problem has been fixed in version 1.7.2-1+deb9u4. We recommend that you upgrad...

CVSS 5.3 | AI score 5.5 | EPSS 0.02323
Exploits 0 | References 4

IBM Security Bulletins
added 2020/11/26 9:28 p.m. | 36 views

Security Bulletin: A security vulnerability in angular.js affects IBM Cloud Automation Manager.

Summary A security vulnerability in angular.js affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2020-7676 DESCRIPTION: angular.js is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability t...

CVSS 5.4 | AI score 0.8 | EPSS 0.02142
Exploits 0 | Affected Software 1

CVE
added 2020/11/23 6:52 p.m. | 302 views

CVE-2020-28896

CVE-2020-28896 affects Mutt and NeoMutt where, during IMAP initial responses, the client did not properly consult $ssl_force_tls and/or close the connection, allowing potential exposure of authentication credentials to an unencrypted channel or a Man‑in‑the‑Middle. The issue occurs in Mutt up to ...

CVSS 5.3 | AI score 5.6 | EPSS 0.02323
Exploits 0 | References 6 | Affected Software 2

Securelist
added 2020/11/05 10:0 a.m. | 53 views

Attacks on industrial enterprises using RMS and TeamViewer: new data

Download full report PDF Executive Summary In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the economy that are associated with industrial production in on...

AI score 0.4
Exploits 0

IBM Security Bulletins
added 2020/10/27 4:5 p.m. | 17 views

Security Bulletin: A vulnerability in the GSKit component of Rational Developer for System z (CVE-2016-0201)

Summary A vulnerability has been addressed in the GSKit component of Rational Developer for System z. Vulnerability Details ...

CVSS 5.9 | AI score 0.8 | EPSS 0.02032
Exploits 0 | Affected Software 1

CNVD
added 2020/10/21 12:0 a.m. | 4 views

Apache containerd Credential Leakage Vulnerability

containerd is a container daemon from the Apache Software Foundation. This process is responsible for controlling the full cycle of containers on the host according to the RunC OCI specification. A security vulnerability exists in containerd an industry-standard container runtime versions prior t...

CVSS 6.1 | AI score 8.7 | EPSS 0.02209
Exploits 1 | References 1

NVD
added 2020/10/16 5:15 p.m. | 29 views

CVE-2020-15157

In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign...

CVSS 6.1 | EPSS 0.02209
Exploits 1 | References 5

Cvelist
added 2020/10/16 4:45 p.m. | 30 views

CVE-2020-15157 containerd can be coerced into leaking credentials during image pull

In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign...

CVSS 6.1 | AI score 6.8 | EPSS 0.02209
Exploits 1 | References 5

UbuntuCve
added 2020/10/15 12:0 a.m. | 41 views

CVE-2020-15157

In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign...

CVSS 6.1 | AI score 6.6 | EPSS 0.02209
Exploits 1 | References 3

Github Security Blog
added 2020/10/08 10:11 p.m. | 66 views

Sensitive data exposure in NATS

Preview versions of two NPM packages and one Deno package from the NATS project contain an information disclosure flaw, leaking options to the NATS server; for one package, this includes TLS private credentials. The connection configuration options in these JavaScript-based implementations were...

CVSS 7.5 | AI score 7.2 | EPSS 0.01476
Exploits 0 | References 5 | Affected Software 2

ThreatPost
added 2020/09/25 8:17 p.m. | 68 views

Industrial Cyberattacks Get Rarer but More Complex

Cyberattacks against the oil and gas industry inched up only slightly compared to the second half of 2019. Security experts say they are encouraged by the anemic growth, but at the same time are expressing concern that attacks are now becoming more potent, targeted and complex. According to new...

AI score 0.3
Exploits 0 | References 5

CNVD
added 2020/09/21 12:0 a.m. | 3 views

Nextcloud Desktop Client Sensitive Information Plaintext Storage Vulnerability

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication applications from Nextcloud Germany. Nextcloud Desktop Client is a desktop client application for Nextcloud. A vulnerability exists in Nextcloud Desktop Client version 2.6.4 in which sensitive informati...

CVSS 7.5 | AI score 6.7 | EPSS 0.0091
Exploits 0 | References 1

OSV
added 2020/09/18 9:15 p.m. | 3 views

DEBIAN-CVE-2020-8225

A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...

CVSS 7.5 | AI score 7.3 | EPSS 0.0091
Exploits 0 | References 1

NVD
added 2020/09/18 9:15 p.m. | 21 views

CVE-2020-8225

A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...

CVSS 7.5 | EPSS 0.0091
Exploits 0 | References 2

OSV
added 2020/09/18 9:15 p.m. | 14 views

CVE-2020-8225

A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...

CVSS 7.5 | AI score 6.6
Exploits 0 | References 2

Cvelist
added 2020/09/18 8:11 p.m. | 28 views

CVE-2020-8225

A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...

AI score 7.5 | EPSS 0.0091
Exploits 0 | References 2

Debian CVE
added 2020/09/18 8:11 p.m. | 25 views

CVE-2020-8225

A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...

CVSS 7.5 | AI score 7.5 | EPSS 0.0091
Exploits 0