Lucene search
K

956 matches found

NVD
NVD
added 2018/04/04 12:29 a.m.15 views

CVE-2018-9234

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey...

7.5CVSS7.5AI score0.02082EPSS
Exploits0References2
OSV
OSV
added 2018/04/04 12:29 a.m.10 views

CVE-2018-9234

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey...

7.5CVSS7.5AI score
Exploits0References2
OSV
OSV
added 2018/04/04 12:29 a.m.5 views

DEBIAN-CVE-2018-9234

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey...

7.5CVSS6.8AI score0.02082EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/04/04 12:0 a.m.20 views

CVE-2018-9234

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey...

7.4AI score0.02082EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2018/04/04 12:0 a.m.21 views

CVE-2018-9234

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey...

7.5CVSS6.6AI score0.02082EPSS
Exploits0
CVE
CVE
added 2018/04/04 12:0 a.m.182 views

CVE-2018-9234

CVE-2018-9234 : GnuPG 2.2.4 and 2.2.5 are affected. The issue is a failure to enforce a config where key certification requires an offline master Certify key, allowing certifications that only used a signing subkey to appear valid. This description comes from the provided documents which state th...

7.5CVSS7.2AI score0.02082EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2018/04/03 12:0 a.m.24 views

CVE-2018-9234

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey...

7.5CVSS6.8AI score0.02082EPSS
Exploits0References2
OSV
OSV
added 2018/04/03 12:0 a.m.4 views

UBUNTU-CVE-2018-9234

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey...

7.5CVSS6.8AI score0.02082EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2018/03/16 2:29 p.m.2 views

CVE-2017-4130

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...

5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/03/16 2:29 p.m.3 views

CVE-2017-4108

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...

5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/03/16 2:29 p.m.2 views

CVE-2017-4066

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...

5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/03/16 2:29 p.m.8 views

CVE-2017-4035

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...

5.8AI score
Exploits0References1
Openbugbounty
Openbugbounty
added 2018/02/25 7:21 p.m.9 views

monsterindia.com XSS vulnerability

Open Bug Bounty ID: OBB-568252 Description| Value ---|--- Affected Website:| monsterindia.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2018/01/23 2:37 a.m.17 views

Cybersecurity Certification Courses – CISA, CISM, CISSP

The year 2017 saw some of the biggest cybersecurity incidents—from high profile data breaches in Equifax and Uber impacting millions of users to thousands of businesses and millions of customers being affected by the global ransomware threats like WannaCry and NotPetya. The year ended, but it did...

6.8AI score
Exploits0
Prion
Prion
added 2017/12/08 3:29 p.m.18 views

Design/Logic Flaw

Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

9.3CVSS7.7AI score0.01029EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2017/12/08 3:29 p.m.3 views

CVE-2017-10893

Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

7.8CVSS5.8AI score0.01029EPSS
Exploits0References1
NVD
NVD
added 2017/12/08 3:29 p.m.18 views

CVE-2017-10893

Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

9.3CVSS7.8AI score0.01029EPSS
Exploits0References1
Akamai Blog
Akamai Blog
added 2017/12/07 2:0 p.m.13 views

Good News from Singapore

The IETF had its 100th meeting the week of November 13. It was held in Singapore. I want to report on two pieces of good news. The first is that it seems like TLS 1.3 is ready to advance through the IETF process. As I wrote last month, the problem was that outdated or buggy network devices betwee...

6.9AI score
Exploits0
CNVD
CNVD
added 2017/12/07 12:0 a.m.2 views

J-LIS The Public Certification Service for Individuals "The JPKI user's software" Untrusted Search Path Vulnerability

J-LIS The Public Certification Service for Individuals "The JPKI user's software" is a set of public certification service software for individuals based on the PKI Public Key Infrastructure platform from Japan Agency for Local Authority Information Systems J-LIS. The JPKI user's software" is a...

9.3CVSS7.1AI score0.01029EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/12/06 5:42 a.m.2 views

The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries

Overview The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems J-LIS contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Note that...

9.3CVSS7AI score0.01029EPSS
Exploits0References6
Rows per page
Query Builder