Lucene search
K

2877 matches found

Kitploit
Kitploit
added 2022/06/11 9:30 p.m.28 views

Pulsar - Data Exfiltration And Covert Communication Tool

Pulsar is a tool for data exfiltration and covert communication that enable you to create a secure data transfer, a bizarre chat or a network tunnel through different protocols, for example you can receive data from tcp connection and resend it to real destination through DNS packets. Setting up...

7.3AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 1:5 p.m.57 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IMS™ Enterprise Suite: SOAP Gateway (CVE-2015-4000)

Summary The Logjam Attack on TLSTransport Layer Security connections using the Diffie-Hellman DH key exchange protocol affects IMS™ Enterprise Suite: SOAP Gateway. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive informatio...

4.3CVSS4.5AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 1:5 p.m.81 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IMS™ Enterprise Suite: Connect API for Java, SOAP Gateway, and Explorer for Development (CVE-2015-2808)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 that is used the following IMS™ Enterprise Suite components: Connect API for Java, SOAP Gateway, and Explorer for Development. This bulletin also addresse...

5CVSS5AI score0.74006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/24 5:6 p.m.145 views

Security Bulletin: The LogJam Attack on Diffie-Hellman ciphers (CVE-2015-4000) affects some versions of the DS8000.

Summary The LogJam Attack on Diffie-Hellman ciphers CVE-2015-4000 affects some versions of the DS8000. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHEEXPORT...

4.3CVSS4.7AI score0.9986EPSS
Exploits1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/24 5:6 p.m.34 views

Security Bulletin: Vulnerability in RC4 stream cipher affects DS8000 (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects DS8000 Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...

5CVSS5AI score0.74006EPSS
Exploits0Affected Software2
OSV
OSV
added 2022/05/24 3:15 p.m.2 views

DEBIAN-CVE-2022-29242

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite TLSGOSTR341112256WITHKUZNYECHIKCTROMAC is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1...

7.5CVSS7.7AI score0.01563EPSS
Exploits0References1
OSV
OSV
added 2022/05/24 3:15 p.m.1 views

UBUNTU-CVE-2022-29242

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite TLSGOSTR341112256WITHKUZNYECHIKCTROMAC is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1...

7.5CVSS7.5AI score0.01563EPSS
Exploits0References7
Rockylinux
Rockylinux
added 2022/05/17 7:24 a.m.20 views

new packages: plexus-cipher

An update is available for plexus-cipher. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

2.2AI score
Exploits0
OSV
OSV
added 2022/05/17 5:22 a.m.4 views

GHSA-39VM-P9MR-4R27 Beaker Sensitive Information Disclosure vulnerability

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

6.9CVSS6.2AI score0.02447EPSS
Exploits0References9
OSV
OSV
added 2022/05/14 2:46 a.m.0 views

GHSA-P836-389H-J692 Improper Access Control in Apache Shiro

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...

9.8CVSS6.2AI score0.93143EPSS
Exploits9References10
OSV
OSV
added 2022/05/14 2:14 a.m.1 views

GHSA-8353-FGCR-XFHX Improper Input Validation in Bouncy Castle

The TLS implementation in the Bouncy Castle Java library before 1.48 and C library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attack...

4CVSS7AI score0.02972EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/14 1:37 a.m.43 views

Missing Cryptographic Step in OWASP Enterprise Security API for Java

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic...

5.8CVSS4.8AI score0.01655EPSS
Exploits1References9Affected Software1
Veracode
Veracode
added 2022/05/13 10:37 a.m.29 views

Man-in-the-Middle (MitM)

openssl3 is vulnerable to man-in-the-middle MitM attacks. The vulnerability exists because implementing the RC4-MD5 cipher suite incorrectly uses the AAD data as the MAC key, allowing an attacker to perform a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL...

5.9CVSS7.3AI score0.01026EPSS
Exploits0References7Affected Software2
Rockylinux
Rockylinux
added 2022/05/10 8:4 a.m.43 views

maven:3.6 security and enhancement update

An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...

5.3CVSS6.2AI score0.08665EPSS
Exploits1
CNVD
CNVD
added 2022/05/08 12:0 a.m.13 views

OpenSSL Encryption Problem Vulnerability (CNVD-2022-37790)

OpenSSL is an open source general-purpose cryptographic library from the Openssl team capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. The product supports multiple encryption algorithms, including symmetric ciphers, hashing algorithms, secure...

5.9CVSS0.9AI score0.01026EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2022/05/07 2:27 p.m.176 views

CVE-2021-34558

A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...

6.5CVSS0.8AI score0.07032EPSS
Exploits1References5
CVE
CVE
added 2022/05/03 3:16 a.m.125 views

CVE-2022-20742

Cisco ASA Software and Firepower Threat Defense (FTD) Software contain an IPsec IKEv2 VPN information disclosure vulnerability (CVE-2022-20742) due to improper GCM cipher implementation. An unauthenticated, remote attacker in a man-in-the-middle position can intercept encrypted messages across an...

7.4CVSS7.2AI score0.00425EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2022/05/03 12:0 a.m.4 views

CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

5.9CVSS6.6AI score0.01026EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2022/05/03 12:0 a.m.269 views

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports: The crehash script allows command injection CVE-2022-1292 Moderate The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On...

10CVSS2.7AI score0.83223EPSS
Exploits5References1
ATTACKERKB
ATTACKERKB
added 2022/04/27 4:0 p.m.4 views

CVE-2022-20742

A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementatio...

7.4CVSS7.2AI score0.00425EPSS
Exploits0References2
Rows per page
Query Builder