
2876 matches found

OSV
added 2021/06/11 4:15 p.m. | 2 views

ALPINE-CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

CVSS 5.3 | AI score 7 | EPSS 0.02979
Exploits: 1 | References: 1
Vulnrichment
added 2021/06/11 3:49 p.m. | 3 views

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

AI score 6.8 | EPSS 0.02979
Exploits: 1 | References: 8
Cvelist
added 2021/06/09 6:20 a.m. | 32 views

CVE-2020-11267

Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

CVSS 8.4 | AI score 8.5 | EPSS 0.00184
Exploits: 0 | References: 1
OpenVAS
added 2021/06/09 12:0 a.m. | 24 views

SUSE: Security Advisory (SUSE-SU-2016:0748-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 10 | AI score 8.6 | EPSS 0.89557
Exploits: 21 | References: 2
OpenVAS
added 2021/06/09 12:0 a.m. | 25 views

SUSE: Security Advisory (SUSE-SU-2013:1058-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.8 | AI score 6.5 | EPSS 0.02912
Exploits: 1 | References: 2
IBM Security Bulletins
added 2021/06/03 10:7 p.m. | 51 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Informix Genero (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Informix Genero. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

CVSS 5 | AI score 4.9 | EPSS 0.74006
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2021/06/03 4:41 p.m. | 26 views

Security Bulletin: TLS padding vulnerability affects Informix Dynamic Server (CVE-2014-8730)

Summary IBM Informix Dynamic Server can be affected by a TLS (Transport Layer Security) padding vulnerability which can allow a remote attacker to obtain sensitive information. Vulnerability Details The following vulnerability affects IBM Informix Dynamic Server. CVEID: CVE-2014-8730 DESCRIPTION: I...

CVSS 4.3 | AI score 4.3 | EPSS 0.1372
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2021/06/03 4:41 p.m. | 19 views

Security Bulletin: TLS padding vulnerability affects Informix Client Software Development Kit (CSDK) (CVE-2014-8730)

Summary Informix Client Software Development Kit (CSDK) can be affected by a TLS (Transport Layer Security) padding vulnerability which can allow a remote attacker to obtain sensitive information. Vulnerability Details The following vulnerability affects IBM Informix Client Software Development Kit...

CVSS 4.3 | AI score 4.4 | EPSS 0.1372
Exploits: 0 | Affected Software: 1
Debian
added 2021/06/03 4:59 a.m. | 331 views

[SECURITY] [DLA 2672-1] imagemagick security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2672-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky June 02, 2021 https://wiki.debian.org/LTS -...

CVSS 7.8 | AI score 7.2 | EPSS 0.0238
Exploits: 1
Veracode
added 2021/06/01 6:6 a.m. | 26 views

Information Disclosure

imagemagick:edge is vulnerable to information disclosure. A flaw was found in ImageMagick in versions, leading to a potential cipher leak when the calculate signatures in TransformSignature is possible...

CVSS 7.5 | AI score 2.9 | EPSS 0.01782
Exploits: 0 | References: 4 | Affected Software: 3
OSV
added 2021/05/30 11:2 a.m. | 3 views

OESA-2021-1198 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

CVSS 7.8 | AI score 7 | EPSS 0.0238
Exploits: 1 | References: 7
The Hacker News
added 2021/05/28 3:30 p.m. | 61 views

Researchers Warn of Facefish Backdoor Spreading Linux Rootkits

Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials and device information and of executing arbitrary commands on Linux systems. The malware dropper has been dubbed "Facefish" by Qihoo 360 NETLAB team owing to its capabilities to deliver different...

AI score 0.9
Exploits: 0
Slackware Linux
added 2021/05/26 8:10 p.m. | 70 views

[slackware-security] curl

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/curl-7.77.0-i586-1slack14.2.txz: Upgraded. This update fixes security issues: schannel cipher selection surprise TELNET sta...

CVSS 8.1 | AI score 0.2 | EPSS 0.60122
Exploits: 1
CVE
added 2021/05/26 6:45 p.m. | 39 views

CVE-2018-16499

The CVE-2018-16499 entry concerns Versa Networks Versa VOS. The connected records indicate the issue stems from the use of unapproved SSH encryption protocols or cipher suites, enabling a network-endpoint attacker to perform a man-in-the-middle attack and potentially view communications between a...

CVSS 5.9 | AI score 5.7 | EPSS 0.0031
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2021/05/26 8:0 a.m. | 7 views

CURL-CVE-2021-22897 Schannel cipher selection surprise

libcurl lets applications specify which specific TLS ciphers to use in transfers, using the option called CURLOPT_SSL_CIPHER_LIST. The cipher selection is used for the TLS negotiation when a transfer is done involving any of the TLS based transfer protocols libcurl supports, such as HTTPS, FTPS,...

CVSS 5.3 | AI score 7.1 | EPSS 0.02979
Exploits: 1
curl security advisories
added 2021/05/26 8:0 a.m. | 6 views

Schannel cipher selection surprise

libcurl lets applications specify which specific TLS ciphers to use in transfers, using the option called CURLOPT_SSL_CIPHER_LIST. The cipher selection is used for the TLS negotiation when a transfer is done involving any of the TLS based transfer protocols libcurl supports, such as HTTPS, FTPS,...

CVSS 5.3 | AI score 6.3 | EPSS 0.02979
Exploits: 1 | References: 1 | Affected Software: 2
CNNVD
added 2021/05/26 12:0 a.m. | 3 views

Versa VOS Cryptographic Issue Vulnerability

Versa Networks VOS is an operating system from Versa Networks, USA. The highly flexible VOS enables enterprises, organizations and service providers to deploy Versa SASE in branch offices, clouds, campuses and data centers. A security vulnerability exists in Versa VOS that stems from the use of...

CVSS 5.9 | AI score 6 | EPSS 0.0031
Exploits: 0 | References: 1
CNNVD
added 2021/05/26 12:0 a.m. | 3 views

Haxx libcurl Cryptographic Issue Vulnerability

HAXX Haxx libcurl is a free, open source client-side URL transport library from the Swedish company HAXX. The library supports FTP, FTPS, TFTP, HTTP and more. Haxx libcurl suffers from a cryptographic issue vulnerability that stems from the fact that libcurl allows applications to specify a...

CVSS 5.3 | AI score 6.8 | EPSS 0.02979
Exploits: 1 | References: 19
OSV
added 2021/05/20 8:15 p.m. | 2 views

CVE-2020-18220

Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information, as it does not use a random salt or IV for its AES-CBC encryption, which causes passwords encrypted for users to be susceptible to dictionary attacks...

CVSS 7.5 | AI score 7.1 | EPSS 0.00412
Exploits: 1 | References: 1
Rockylinux
added 2021/05/18 6:21 a.m. | 21 views

3.6 bug fix and enhancement update

An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...

AI score 1.8
Exploits: 0