2876 matches found

Veracode
added 2020/04/10 12:36 a.m. | 45 views

Man-in-the-Middle (MitM)

OpenSSH is vulnerable to a man-in-the-middle attack. A flaw was found in the SSH protocol. An attacker able to perform a man-in-the-middle attack may be able to obtain a portion of plain text from an arbitrary ciphertext block when a CBC mode cipher was used to encrypt SSH communication. This updat...

2.6 CVSS | 2.6 AI score | 0.15395 EPSS
Exploits: 1 | References: 42 | Affected Software: 1
OSV
added 2020/04/07 4:15 p.m. | 5 views

CVE-2017-18661

An issue was discovered on Samsung mobile devices with M6.0 and N7.x software. There is a buffer overflow in processciphertdea. The Samsung ID is SVE-2017-8973 July 2017...

9.8 CVSS | 6.1 AI score | 0.0044 EPSS
Exploits: 0 | References: 1
Cvelist
added 2020/04/02 7:48 p.m. | 21 views

CVE-2019-19097 ABB eSOMS: SSL medium strength Cipher Suites

ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection...

5.9 CVSS | 7.4 AI score | 0.00676 EPSS
Exploits: 0 | References: 1
IBM Security Bulletins
added 2020/03/23 8:41 p.m. | 20 views

Security Bulletin: WebSphere Message Broker Toolkit and IBM Integration Toolkit cannot connect to a remote WebSphere Message Broker broker or IBM Integration Bus node with a TLS-compliant cipher (CVE-2015-0118)

Summary WebSphere Message Broker Toolkit and IBM Integration Toolkit cannot connect to remote WebSphere Message Broker or IBM Integration Bus node with a TLS-compliant cipher. Vulnerability Details CVEID: CVE-2015-0118 DESCRIPTION: IBM Integration Toolkit cannot connect to a remote IBM Integratio...

4.3 CVSS | 0.4 AI score | 0.01087 EPSS
Exploits: 0 | Affected Software: 2
IBM Security Bulletins
added 2020/03/20 1:36 a.m. | 23 views

Security Bulletin: TLS padding vulnerability affects IBM Security Access Manager for DataPower (CVE-2014-8730)

Summary IBM Security Access Manager version 8.0.0.5 for DataPower is affected by a TLS padding vulnerability, which could allow a remote attacker to obtain sensitive information. Vulnerability Details The following vulnerability affects IBM Security Access Manager version 8.0.0.5 for DataPower...

4.3 CVSS | 1.1 AI score | 0.1372 EPSS
Exploits: 0 | Affected Software: 1
ThreatPost
added 2020/03/10 1:0 p.m. | 14 views

Variant of Paradise Ransomware Targets Office IQY Files

A new variant of the Paradise ransomware attacks rarely-targeted Microsoft Office Excel IQY files, providing a new and relatively inobtrusive way to infiltrate and hijack an organization’s network, researchers have found. Lastline Labs’ James Haughom discovered the variant in December in a spam...

0.5 AI score
Exploits: 0 | References: 6
IBM Security Bulletins
added 2020/03/06 7:58 p.m. | 29 views

Security Bulletin: IBM® Db2® does not explicitly forbid a weaker than expected 3DES cipher when configured to use SSL (CVE-2019-4102).

Summary TLS 1.2 allows the use of 3DES, which has some known weaknesses, among other supported ciphers. Db2 does not forbid the use of 3DES when configured to use TLS 1.2 protocol. Although Db2 does not choose the cipher out of all available ciphers, the weaker ciphers should be explicitly...

5.9 CVSS | 1.3 AI score | 0.01179 EPSS
Exploits: 0 | Affected Software: 1
Check Point Advisories
added 2020/02/19 12:0 a.m. | 0 views

Weak SSH Cipher Suites

Communication with SSH servers using weak cipher suites might be prone to attacks trying to intercept secure communications...

1.8 AI score
Exploits: 0
IBM Security Bulletins
added 2020/02/07 2:6 a.m. | 26 views

Security Bulletin: IBM Aspera WebApps (Shares, Faspex, Console, Orchestrator) and products are affected by OpenSSL Vulnerability (CVE-ID: CVE-2019-1543)

Summary IBM Aspera WebApps Shares, Faspex, Console, Orchestrator products have addressed the following OpenSSL vulnerability Vulnerability Details CVEID: CVE-2019-1543 DESCRIPTION: ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539...

7.4 CVSS | 0.3 AI score | 0.05701 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2020/02/05 12:9 a.m. | 29 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Application Developer for WebSphere Software (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Application Developer for WebSphere Software. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. A...

5 CVSS | 0.4 AI score | 0.74006 EPSS
Exploits: 0 | Affected Software: 1
NVD
added 2020/02/04 9:15 p.m. | 15 views

CVE-2015-2802

An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the...

7.5 CVSS | 7.3 AI score | 0.06375 EPSS
Exploits: 0 | References: 5
Prion
added 2020/02/04 9:15 p.m. | 16 views

Information disclosure

An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the...

5 CVSS | 6.8 AI score | 0.06375 EPSS
Exploits: 0 | References: 5 | Affected Software: 3
Cvelist
added 2020/02/04 8:9 p.m. | 19 views

CVE-2015-2802

An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the...

7.3 AI score | 0.06375 EPSS
Exploits: 0 | References: 5
CVE
added 2020/02/04 8:9 p.m. | 77 views

CVE-2015-2802

CVE-2015-2802 affects HP SiteScope 11.2/11.3 (Windows/Linux/Solaris) and HP Asset Manager 9.30–9.32, 9.40–9.41, 9.50, plus Asset Manager Cloudsystem Chargeback 9.40. The vulnerability is a TLS RC4/Bar Mitzvah information disclosure, enabling a remote attacker to obtain sensitive information. Th...

7.5 CVSS | 7.3 AI score | 0.06375 EPSS
Exploits: 0 | References: 5 | Affected Software: 2
OpenVAS
added 2020/01/23 12:0 a.m. | 23 views

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2019-1676)

The remote host is missing an update for the Huawei EulerOS...

5.6 CVSS | 6.1 AI score | 0.00388 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2020/01/23 12:0 a.m. | 12 views

Huawei EulerOS: Security Advisory for mod_nss (EulerOS-SA-2016-1070)

The remote host is missing an update for the Huawei EulerOS...

7.5 CVSS | 7.7 AI score | 0.01716 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2020/01/23 12:0 a.m. | 27 views

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2019-1693)

The remote host is missing an update for the Huawei EulerOS...

5.6 CVSS | 6.1 AI score | 0.00388 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2020/01/23 12:0 a.m. | 46 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1403)

The remote host is missing an update for the Huawei EulerOS...

9.8 CVSS | 8.3 AI score | 0.95707 EPSS
Exploits: 8 | References: 2
Qualys Blog
added 2020/01/17 4:10 p.m. | 57 views

LibMiner: Container-Based Cryptocurrency Miner Targeting Unprotected Redis Servers

Qualys is actively tracking threats which target containers. In our recent analysis, we have identified a few docker instances executing a malware which we term as “LibMiner”. This malware has the capability to deploy and execute Cryptominer. It uses a unique technique for lateral movement across...

0.8 AI score
Exploits: 0
OSV
added 2020/01/09 4:29 p.m. | 5 views

OPENSUSE-SU-2020:0003-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird was updated to 68.3esr MFSA 2019-38 bsc1158328 Security issues fixed: - CVE-2019-17008: Fixed a use-after-free in worker destruction bmo1546331 - CVE-2019-13722: Fixed a stack corruption due to incorrect number of...

8.8 CVSS | 8.2 AI score | 0.02994 EPSS
Exploits: 3 | References: 9