Lucene search
+L

176 matches found

Rapid7 Blog
Rapid7 Blog
added 2022/09/16 8:9 p.m.41 views

Metasploit Weekly Wrap-Up

BYOS: Bring your own stager We try hard to make sure we have a great choice of fully-functional payloads to choose from, but sometimes you might want to “branch” out on your own, and if that’s the case we’ve got you covered. In an attempt to make Metasploit play well with others, we’ve introduced...

9CVSS8.2AI score0.86086EPSS
Exploits7
NVD
NVD
added 2022/05/24 5:15 p.m.28 views

CVE-2020-4926

A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600...

9.1CVSS0.00663EPSS
Exploits0References3
Prion
Prion
added 2022/05/24 5:15 p.m.17 views

Code injection

A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600...

6.4CVSS8.8AI score0.00663EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2022/05/24 4:20 p.m.27 views

CVE-2020-4926

A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600...

5.7CVSS9AI score0.00663EPSS
Exploits0References3
Prion
Prion
added 2022/04/15 2:15 a.m.21 views

Authentication flaw

Improper authentication vulnerability in the communication protocol provided by AD Automation Design server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions...

5.8CVSS9.2AI score0.00943EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2022/04/15 1:45 a.m.101 views

CVE-2022-26034

The CVE-2022-26034 issue affects Yokogawa CENTUM VP family and B/M9000 VP (notably CENTUM VP R6.01.10–R6.09.00; B/M9000 VP R8.01.01–R8.03.01; and ProSafe-RS up to R4.07.00 if RS4E5000 is installed). The root cause is improper authentication in the AD server’s communication protocol, enabling an a...

9.1CVSS9.2AI score0.00943EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2022/04/15 1:45 a.m.40 views

CVE-2022-26034

Improper authentication vulnerability in the communication protocol provided by AD Automation Design server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions...

9.5AI score0.00943EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2022/04/13 2:49 a.m.157 views

USN-5377-1: Linux kernel (BlueField) vulnerabilities

It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-1055 Yiqi Sun and Kevin Wang discovered that the...

9CVSS8AI score0.67994EPSS
Exploits20
Positive Technologies
Positive Technologies
added 2022/02/16 12:0 a.m.3 views

PT-2022-1913

Name of the Vulnerable Software and Affected Versions PJSIP affected versions not specified Description The issue is related to a stack overflow in the PJSUA API when calling the pjsua playlist create function. An attacker-controlled file names argument may cause a buffer overflow since it is...

10CVSS7.6AI score0.0462EPSS
Exploits6References62
OSV
OSV
added 2021/11/26 5:15 p.m.5 views

CVE-2021-35533

Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface BCI IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted messag...

7.5CVSS7.1AI score0.0092EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2021/10/19 6:11 a.m.23 views

Cybersecurity Experts Warn of a Rise in Lyceum Hacker Group Activities in Tunisia

A threat actor, previously known for striking organizations in the energy and telecommunications sectors across the Middle East as early as April 2018, has evolved its malware arsenal to strike two entities in Tunisia. Security researchers at Kaspersky, who presented their findings at the...

1.1AI score
Exploits0
NVD
NVD
added 2021/08/02 9:15 p.m.31 views

CVE-2021-27499

Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows...

5.9CVSS0.00475EPSS
Exploits0References1
NVD
NVD
added 2021/08/02 9:15 p.m.26 views

CVE-2021-27503

Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application encrypts on the application layer of the communication protocol between the Ypsomed mylife App and mylife Cloud credentials based on...

5.8CVSS0.00562EPSS
Exploits0References1
Prion
Prion
added 2021/08/02 9:15 p.m.19 views

Code injection

Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows...

4.3CVSS6.1AI score0.00475EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2021/08/02 8:42 p.m.60 views

CVE-2021-27503

CVE-2021-27503 affects Ypsomed mylife Cloud (all versions before 1.7.2) and mylife App (before 1.7.5). The root cause is encryption at the application layer based on hard-coded secrets in the client–server protocol, which can enable man-in-the-middle tampering of messages. The Red Hat and other s...

5.8CVSS5AI score0.00562EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2021/08/02 8:42 p.m.30 views

CVE-2021-27503

Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application encrypts on the application layer of the communication protocol between the Ypsomed mylife App and mylife Cloud credentials based on...

5.4AI score0.00562EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/08/02 8:42 p.m.43 views

CVE-2021-27499

Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows...

5.9AI score0.00475EPSS
Exploits0References1
CVE
CVE
added 2021/08/02 8:42 p.m.53 views

CVE-2021-27499

Summary: CVE-2021-27499 affects Ypsomed mylife Cloud (pre-1.7.2) and mylife App (pre-1.7.5). The root cause is use of non-random IVs in the CBC-mode encryption of the communication protocol between the mylife App and mylife Cloud, allowing an attacker to tamper with messages and potentially affec...

5.9CVSS5.6AI score0.00475EPSS
Exploits0References1Affected Software2
CNVD
CNVD
added 2021/07/16 12:0 a.m.14 views

Ypsomed mylife App trust management issue vulnerability

Ypsomed mylife App is an application of Ypsomed AG. To optimize communication between people with diabetes and healthcare professionals, mylife Therapy Management is an easy-to-use, easy-to-share solution for diabetes therapy data. mylife App is vulnerable to a trust management issue, which stems...

5.8CVSS1.9AI score0.00562EPSS
Exploits0References1
NVD
NVD
added 2021/01/19 10:15 p.m.29 views

CVE-2020-27269

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences...

5.7CVSS6.4AI score0.00499EPSS
Exploits0References1
Rows per page
Query Builder