1203 matches found
SSL/TLS: Server Certificate / Certificate in Chain with ECC keys less than 224 bits
The remote SSL/TLS server certificate and/or any of the certificates in the certificate chain is using a ECC key with less than 224 bits. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
CVE-2021-39530
An issue was discovered in libredwg through v0.10.1.3751. bitwcs2nlen in bits.c has a heap-based buffer overflow...
libredwg 代码问题漏洞
LibreDWG is a free C library for reading and writing DWG files. a null pointer dereference vulnerability exists in the bitreadBB function in bits.c in LibreDWG version 0.10.1.3751. An attacker could exploit this vulnerability to cause a denial of service...
DEBIAN-CVE-2021-38171
adtsdecodeextradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the initgetbits return value, which is a necessary step because the second argument to initgetbits can be crafted...
Transient Execution of Non-canonical Accesses
Bulletin ID: AMD-SB-1010 Potential Impact: Data Leakage Severity: Medium Summary AMD reviewed “Transient Execution of Non-Canonical Accesses“ submitted by a researcher demonstrating that AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits. CVE Detai...
CVE-2021-37606
Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack against a long-running web service that allows the attacker to infer collisions by measuring timin...
CVE-2021-21794
An out-of-bounds write vulnerability exists in the TIF bitspersample processing functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability...
PT-2021-14779 · Accusoft · Accusoft Imagegear
Name of the Vulnerable Software and Affected Versions: Accusoft ImageGear version 19.9 Description: An out-of-bounds write issue exists in the TIF bits per sample processing functionality. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file t...
SAPSprint 7.60 - 'SAPSprint' Unquoted Service Path
Exploit Title: SAPSprint 7.60 - 'SAPSprint' Unquoted Service Path Discovery by: Brian Rodriguez Date: 21-06-2021 Vendor Homepage: https://brother.com/ Tested Version: 7.60 Vulnerability Type: Unquoted Service Path Tested on: Windows 10 Enterprise 64 bits Step to discover Unquoted Service Path:...
VX Search 13.5.28 - (Multiple) Unquoted Service Path Vulnerability
Exploit Title: VX Search 13.5.28 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Vendor Homepage: https://www.vxsearch.com Software Links: https://www.vxsearch.com/setupsx64/vxsearchsrvsetupv13.5.28x64.exe https://www.vxsearch.com/setupsx64/vxsearchentsetupv13.5.28x64.exe Tested...
Sync Breeze 13.6.18 - (Multiple) Unquoted Service Path Vulnerability
Exploit Title: Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Vendor Homepage: https://www.syncbreeze.com/ Software Links: https://www.syncbreeze.com/setupsx64/syncbreezesrvsetupv13.6.18x64.exe...
Workspace ONE Intelligent Hub 20.3.8.0 - (VMware Hub Health Monitoring Service) Unquoted Service Pat
Exploit Title: Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path Discovery by: Ismael Nava Vendor Homepage: https://www.vmware.com/mx/products/workspace-one/intelligent-hub.html Software Links : https://getwsone.com/ Tested Version: 20.3.8.0...
VX Search 13.5.28 - 'Multiple' Unquoted Service Path
Exploit Title: VX Search 13.5.28 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.vxsearch.com Software Links: https://www.vxsearch.com/setupsx64/vxsearchsrvsetupv13.5.28x64.exe...
Insecure temporary file used in com.squareup:connect
This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file...
Disk Sorter Server 13.6.12 - (Disk Sorter Server) Unquoted Service Path Vulnerability
Exploit Title: Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path Discovery by: BRushiran Vendor Homepage: https://www.disksorter.com Software Links: https://www.disksorter.com/setupsx64/disksortersrvsetupv13.6.12x64.exe Tested Version: 13.6.12 Vulnerability Type: Unquoted...
CVE-2020-15387
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications...
Design/Logic Flaw
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications...
Shepard - In Progress Persistent Download/Upload/Execution Tool Using Windows BITS
This is an IN PROGRESS persistance tool using Windows Background Intelligent Transfer Service BITS. Functionality: File Download, File Exfiltration, File Download + Persistent Execution Usage: run shepard.exe as Administrator with the following command line arguments -d remoteLocation, writePath:...
CVE-2021-23021
The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644...
Accusoft ImageGear 缓冲区错误漏洞
Accusoft ImageGear is a multi-platform, multi-language document imaging developer toolkit. An out-of-bounds write vulnerability exists in the TIF bitspersample handling function in Accusoft ImageGear version 19.9. An attacker can exploit the vulnerability via a specially crafted file to cause...