Lucene search
K

20 matches found

The Hacker News
The Hacker News
added 2024/08/13 2:2 p.m.30 views

GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks

A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head's XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices. The vulnerability h...

7.5CVSS8.2AI score0.00032EPSS
Exploits0
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.12 views

First Depositor Attack is possible by front-running mip00 script execution

Lines of code Vulnerability details Overview The First Depositor Attack Within the context of Compound v2, a First Depositor Attack occurs when an attacker becomes the inaugural minter of a cToken. This enables them to establish the first exchange rate between the underlying asset and the cToken...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/07/19 5:48 a.m.1 views

Multiple Vulnerabilities in Hitachi Device Manager

Overview Multiple vulnerabilities have been found in Hitachi Device Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

9CVSS7AI score0.00133EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2021/07/19 5:15 p.m.26 views

CVE-2020-36423

An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator...

7.5CVSS7.1AI score0.00663EPSS
Exploits0References4
Friends Of PHP
Friends Of PHP
added 2020/11/20 12:0 a.m.21 views

Potential file overwrite if archive filename starts with file://

I have submitted this to the PEAR bug tracker as well as the PEAR group mailing list, and I'm not sure if either has gone through, so opening an issue here with the hope that this is the right place for it. While auditing a separate application which uses ArchiveTar internally, I found that...

7.8CVSS7.8AI score0.93364EPSS
Exploits4Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/11/11 5:10 a.m.1 views

Arbitrary File Deletion Vulnerability in Hitachi Command Suite

Overview An arbitrary file deletion vulnerability was found in Hitachi Command Suite. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7AI score
Exploits0References2
Schneier on Security
Schneier on Security
added 2019/08/29 11:17 a.m.57 views

AI Emotion-Detection Arms Race

Voice systems are increasingly using AI techniques to determine emotion. A new paper describes an AI-based countermeasure to mask emotion in spoken words. Their method for masking emotion involves collecting speech, analyzing it, and extracting emotional features from the raw signal. Next, an AI...

6.9AI score
Exploits0
HackRead
HackRead
added 2019/05/09 11:32 a.m.86 views

The Pitfalls of Keeping Your Ports Wide Open

By David Balaban Based on security assessment results, penetration testers often recommend hiding an enterprise network’s ports behind a whitelist. However, corporate IT teams don’t always understand the need for such a countermeasure. Even some admins and DevOps specialists with tons of experien...

1.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/12/04 7:53 a.m.1 views

Problem with directory permissions in JP1/Operations Analytics

Overview A problem with directory permissions was found in JP1/Operations Analytics. Impact Regarding the impact of the vulnarability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

5.6CVSS6.8AI score
Exploits0References2
Prion
Prion
added 2017/03/28 2:59 a.m.13 views

Design/Logic Flaw

Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users...

5CVSS7.2AI score0.00773EPSS
Exploits0References3Affected Software1
Fortinet
Fortinet
added 2016/05/16 12:0 a.m.38 views

RSA-CRT key leak under certain conditions

FortiOS now includes for all SSL libraries a countermeasure against Lenstra's fault attack on RSA-CRT optimization when a RSA signature is corrupted...

5CVSS4AI score0.00806EPSS
Exploits0
Hacker One
Hacker One
added 2015/11/24 1:23 a.m.45 views

Radancy: RC4 cipher suites detected

A group of researchers Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt have found new attacks against TLS that allows an attacker to recover a limited amount of plaintext from a TLS connection when RC4 encryption is used. The attacks arise from statistical fla...

0.6AI score
Exploits0
exploitpack
exploitpack
added 2013/12/24 12:0 a.m.24 views

Synology DSM 4.3-3810 - Directory Traversal

Synology DSM 4.3-3810 - Directory Traversal Title: Synology DSM multiple directory traversal Version affected: = 4.3-3810 Vendor: Synology Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: patched CVE: 2013-6987 I'm again he...

Exploits0
ThreatPost
ThreatPost
added 2012/12/18 6:36 p.m.23 views

Cisco VoIP Hacker Urges Closer Look at Firmware Security Vulnerabilities

Ang Cui’s “Funtenna” is just the latest eye-opener into the security of embedded networked devices such as printers, VoIP phones, routers and other core, connected infrastructure. The Columbia University PhD candidate’s recent hack of a Cisco-branded VoIP phone demonstrates the risk posed by...

0.1AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/04/16 12:0 a.m.1186 views

SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)

A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information disclosure if an attacker intercepts encrypted traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected. This plugin tries to establish an SSL/TLS remote...

4.3CVSS6.7AI score0.03832EPSS
Exploits4References7
FreeBSD
FreeBSD
added 2012/01/19 12:0 a.m.39 views

fetchmail -- chosen plaintext attack against SSL CBC initialization vectors

Matthias Andree reports: Fetchmail version 6.3.9 enabled "all SSL workarounds" SSLOPALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application fetchmail...

4.3CVSS7.3AI score0.03832EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/09/24 3:3 a.m.2 views

Data Transfer Control Process Cessation Issue in XFIT/S/JCA and XFIT/S/ZGN

Overview Data transfer control process in XFIT/S/JCA or XFIT/S/ZGN would shut down when the designated port receives data unexpectedly. Impact Data transfer control process would shut down when XFIT/S/JCA or XFIT/S/ZGN receives data unexpectedly. Solution Please refer to the 'Vendor Information'...

5CVSS6.8AI score
Exploits0References3
OSV
OSV
added 2008/07/31 12:0 a.m.30 views

DSA-1623-1 dnsmasq - cache poisoning

Bulletin has no description...

6.8CVSS6.7AI score0.88109EPSS
Exploits20
CVE
CVE
added 2003/04/02 5:0 a.m.107 views

CVE-2001-1382

OpenSSH prior to 2.9.9p2 is affected by an echo simulation traffic analysis countermeasure that sends an extra echo packet after password/Carriage Return. This could let a remote attacker determine that the countermeasure is being used. Upgrade to OpenSSH 2.9.9p2 or later (as indicated by the CVE...

5CVSS9.5AI score0.01454EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2001/09/27 12:0 a.m.7 views

PT-2001-2496 · Openssh +1 · Openssh +1

Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 2.9.9p2 Description: The issue concerns the "echo simulation" traffic analysis countermeasure in OpenSSH. This countermeasure sends an additional echo packet after the password and carriage return is entered. As a...

10CVSS7.9AI score0.90356EPSS
Exploits207References336
Rows per page
Query Builder