
8752 matches found

ThreatPost
added 2020/02/13 2:49 p.m., 61 views

Puerto Rico Gov Hit By $2.6M Phishing Scam

A phishing scam has swindled a Puerto Rico government agency out of more than $2.6 million, according to reports. According to reports, the email-based phishing scam hit Puerto Rico’s Industrial Development Company, which is a government-owned corporation aimed at driving economic development to...

7.2 AI score
Exploits: 0, References: 9
OSV
added 2020/02/12 7:15 p.m., 4 views

CVE-2019-17519

The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet...

8.8 CVSS, 7.8 AI score
Exploits: 0, References: 1
OSV
added 2020/02/12 3:15 p.m., 6 views

CVE-2019-19196

The Bluetooth Low Energy Secure Manager Protocol SMP implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices accepts a pairing request with a key size greater than 16 bytes, allowing an...

6.5 CVSS, 7.2 AI score, 0.01357 EPSS
Exploits: 1, References: 2
RedHat Linux
added 2020/02/12 11:22 a.m., 4 views

OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3 CVSS, 7.4 AI score, 0.0404 EPSS
Exploits: 0, References: 4
CNVD
added 2020/02/11 12:0 a.m., 4 views

Atlassian Jira Code Issue Vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira. The vulnerability stems from an improperly designed or implemented code...

7.8 CVSS, 7.2 AI score, 0.00367 EPSS
Exploits: 0, References: 1
CNVD
added 2020/02/11 12:0 a.m., 1 views

Lustre mdt module code issue vulnerability

Lustre is a parallel distributed file system typically used in large computer clusters and supercomputers, of which Lustre mdt is a module. A code issue vulnerability exists in the Lustre mdt module. The vulnerability stems from an improperly designed or implemented code development process for a...

7.8 CVSS, 7.2 AI score, 0.02948 EPSS
Exploits: 1, References: 1
NVD
added 2020/02/07 11:15 p.m., 11 views

CVE-2019-13163

The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V...

5.9 CVSS, 5.7 AI score, 0.006 EPSS
Exploits: 0, References: 1
Prion
added 2020/02/07 11:15 p.m., 20 views

Design/Logic Flaw

The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V...

4.3 CVSS, 5.7 AI score, 0.006 EPSS
Exploits: 0, References: 1, Affected Software: 22
Cvelist
added 2020/02/07 10:45 p.m., 20 views

CVE-2019-13163

The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V...

5.7 AI score, 0.006 EPSS
Exploits: 0, References: 1
Microsoft Secure
added 2020/02/06 5:0 p.m., 33 views

Visionary security partners to be honored at the very first Microsoft Security 20/20 event

Microsoft Security 20/20 is nearly here and our team is putting the final touches on what we think will be a memorable event. Microsoft Security 20/20 will put the spotlight on companies and individuals with a clear-eyed view of the security challenges we face and smart solutions to help solve...

7.1 AI score
Exploits: 0
IBM Security Bulletins
added 2020/02/05 12:9 a.m., 29 views

Security Bulletin: A vulnerability in IBM Java SDK affects Rational Application Developer for WebSphere (CVE-2014-0453)

Summary There is a vulnerability in IBM SDK Java Technology Edition, Versions 5, 6, and 7 that is used by Rational Application Developer for WebSphere. This issue was disclosed as part of the IBM Java SDK updates in April 2014. Vulnerability Details | Subscribe to My Notifications to be notified ...

4 CVSS, 0.3 AI score, 0.04858 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2020/02/05 12:9 a.m., 29 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Application Developer for WebSphere Software (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Application Developer for WebSphere Software. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. A...

5 CVSS, 0.4 AI score, 0.74006 EPSS
Exploits: 0, Affected Software: 1
CNVD
added 2020/02/05 12:0 a.m., 2 views

OSSEC-HIDS Code Issue Vulnerability

OSSEC-HIDS is an open source intrusion detection tool. OSSEC-HIDS is vulnerable to a code issue. The vulnerability stems from an improperly designed or implemented code development process for a network system or product. An attacker could exploit this vulnerability to cause a denial of service...

5.5 CVSS, 7 AI score, 0.00492 EPSS
Exploits: 2, References: 1
ThreatPost
added 2020/01/31 2:34 p.m., 66 views

Sodinokibi Ransomware Group Sponsors Hacking Contest

White hats aren’t alone in holding hacking contests. Russian-language cybercriminals are known for running similar competitions on underground forums. However, an analysis of Dark Web activity has uncovered a trend towards offering increasingly high-stakes prizes during such battles. At the same...

6.4 AI score
Exploits: 0, References: 5
Veracode
added 2020/01/28 1:39 p.m., 23 views

Cross-site Scripting (XSS)

ratpack-core is susceptible to cross-site scripting XSS. It does not sanitize the user input rendered as an exception message in the development error handler, allowing an attacker to inject malicious script via the message. The library is vulnerable only through the development mode's error handl...

6.1 CVSS, 2.2 AI score, 0.00857 EPSS
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2020/01/28 1:15 a.m., 3 views

CVE-2019-10770

All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting XSS. This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to b...

6.1 CVSS, 6.3 AI score
Exploits: 0, References: 1
NVD
added 2020/01/28 1:15 a.m., 33 views

CVE-2019-10770

All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting XSS. This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to b...

6.1 CVSS, 6.1 AI score, 0.00857 EPSS
Exploits: 1, References: 1
Prion
added 2020/01/28 1:15 a.m., 21 views

Cross site scripting

All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting XSS. This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to b...

4.3 CVSS, 6 AI score, 0.00857 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2020/01/28 12:21 a.m., 36 views

CVE-2019-10770

All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting XSS. This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to b...

6.1 AI score, 0.00857 EPSS
Exploits: 1, References: 1
OSV
added 2020/01/27 7:28 p.m., 12 views

GHSA-R2WF-Q3X4-HRV9 Default development error handler in Ratpack is vulnerable to HTML content injection (XSS)

Versions of Ratpack from 0.9.10 through 1.7.5 are vulnerable to CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' aka. XSS in the development error handler. An attacker can utilize this to perform XSS when an exception message contains untrusted data. As a...

6.1 CVSS, 6.2 AI score, 0.00857 EPSS
Exploits: 1, References: 4