Lucene search
K

260 matches found

Prion
Prion
added 2013/09/17 12:4 p.m.9 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions...

7AI score
Exploits5
Prion
Prion
added 2013/09/17 12:4 p.m.13 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions...

7AI score
Exploits5
Mozilla
Mozilla
added 2013/09/17 12:0 a.m.44 views

User-defined properties on DOM proxies get the wrong "this" object — Mozilla

Mozilla developer Boris Zbarsky reported that user-defined getters on DOM proxies would incorrectly get the expando object as this. It is unlikely that this is directly exploitable but could lead to JavaScript client or add-on code making incorrect security sensitive decisions based on hacker...

5CVSS6.2AI score0.02932EPSS
Exploits0References2Affected Software5
RedHat Linux
RedHat Linux
added 2013/05/20 3:26 p.m.6 views

JBoss: custom authorization module implementations shared between applications

Red Hat JBoss Enterprise Application Platform EAP before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control...

3.7CVSS6.2AI score0.00341EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/05/20 3:20 p.m.8 views

JBoss: custom authorization module implementations shared between applications

Red Hat JBoss Enterprise Application Platform EAP before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control...

3.7CVSS6.2AI score0.00341EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2013/02/27 4:45 p.m.7 views

ABC hacked after anti-Islam politician Interview

The Australian Broadcasting Corporation ABC is investigating data breach after Lateline interviewed Dutch anti-Islam politician Geert Wilders. A hacker going by the handle "Phr0zenMyst" has claimed to have hacked a web site associated with the ABC television program Making Australia Happy, leakin...

6.8AI score
Exploits0
NVD
NVD
added 2013/02/24 7:55 p.m.22 views

CVE-2012-6093

The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fai...

4.3CVSS6.2AI score0.01778EPSS
Exploits0References12
Debian CVE
Debian CVE
added 2013/02/24 7:0 p.m.55 views

CVE-2012-6093

Removed by vendor...

4.3CVSS6.6AI score0.01778EPSS
Exploits0
ThreatPost
ThreatPost
added 2012/11/01 7:44 p.m.11 views

Encryption: It's Complicated

Data breaches have become so common at this point that the mere fact that a government agency such as the South Carolina Department of Revenue loses several million Social Security numbers and credit card numbers isn’t really that noteworthy. It’s another day in the life of the Internet. But what...

6.9AI score
Exploits0References3
ThreatPost
ThreatPost
added 2012/08/22 5:56 p.m.16 views

Google Building Privacy Red Team

Google, which has come under fire for years for its privacy practices and recently settled a privacy related case with the Federal Trade Commission that resulted in a $22.5 million fine, is building out a privacy “red team”, a group of people charged with finding and resolving privacy risks in th...

0.1AI score
Exploits0References4
ThreatPost
ThreatPost
added 2012/04/09 6:33 p.m.76 views

Navy Hires Contractor to Data-Mine Gaming Consoles

The U.S. Navy recently hired an outside contractor, Obscure Technologies, to develop computer forensics tools capable of analyzing network traffic and stored data on gaming consoles. The contract, valued at $177,237.50, calls on Obscure Technologies to create hardware and software tools that can ...

9.3CVSS8.3AI score0.99945EPSS
Exploits33References1
FreeBSD
FreeBSD
added 2010/11/30 12:0 a.m.29 views

krb5 -- unkeyed PAC checksum handling vulnerability

The MIT Kerberos team reports: MIT krb5 incorrectly accepts an unkeyed checksum for PAC signatures. An authenticated remote attacker can forge PACs if using a KDC that does not filter client-provided PAC data. This can result in privilege escalation against a service that relies on PAC contents t...

4.3CVSS6.1AI score0.02253EPSS
Exploits0References2
Drupal
Drupal
added 2010/04/28 12:0 a.m.14 views

SA-CONTRIB-2010-037 - Decisions - Access bypass

Decisions is a replacement for poll.module and provides advanced voting systems and decision-making tools. It aims to enable groups to take decisions online in a manner that replicates and augments what is possible in face-to-face meeting. In some listings, the Decisions module does not construct...

7.7AI score
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2010/03/18 12:0 a.m.16 views

IS Decisions RemoteExec '.rec' Remote Buffer Overflow

The remote host is running IS Decisions RemoteExec, a computer- management application. The installed version is earlier than 4.0.5. Such versions are potentially affected by a buffer overflow vulnerability when processing specially crafted '.rec' files. An attacker, exploiting this flaw, could...

6.1AI score
Exploits0References2
ThreatPost
ThreatPost
added 2010/03/03 8:44 p.m.7 views

RSA 2010: Cryptographers Discuss Wisdom of 'Foolishness'

At the RSA conference in San Francisco, a panel of leading cryptographers reveal some of the lessons they have learned while making seemingly imprudent decisions. By going against the grain, new objectives can be made and boundaries overcome...

3AI score
Exploits0
ThreatPost
ThreatPost
added 2009/11/13 4:25 p.m.9 views

Security Metrics Are Useless Without a Plan

WASHINGTON–There has been a big push in recent years in the security community toward metrics, and measurements of all types have become a hot topic in certain corners of the industry. But measurement for measurement’s sake is useless-and perhaps even counterproductive–if the security team in an...

7.3AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2009/01/30 7:30 p.m.27 views

CVE-2009-0034

parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group aka %group in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command...

7.8CVSS7.1AI score0.00406EPSS
Exploits1References2
Cvelist
Cvelist
added 2009/01/30 7:0 p.m.47 views

CVE-2009-0034

parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group aka %group in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command...

7.4AI score0.00406EPSS
Exploits1References21
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.17 views

CVE-2004-0063

The SPPVerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a StatusOK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number...

6.5AI score0.01326EPSS
Exploits0References5
NVD
NVD
added 2004/02/17 5:0 a.m.15 views

CVE-2004-0063

The SPPVerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a StatusOK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number...

7.5CVSS6.5AI score0.01326EPSS
Exploits0References5
Rows per page
Query Builder