8752 matches found

Cvelist
added 2019/01/16 8:0 p.m., 32 views

CVE-2018-5738 Some versions of BIND can improperly permit recursive query service to unauthorized clients

Change 4777 introduced in October 2017 introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended and documented behavior is that if an operator has not specified a value for the...

CVSS 5.3, AI score 6.1, EPSS 0.1107
Exploits: 0, References: 5
OSV
added 2019/01/16 7:30 p.m., 3 views

CVE-2019-2480

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 5.3, AI score 6.3, EPSS 0.01879
Exploits: 0, References: 2
Malwarebytes
added 2019/01/16 5:0 p.m., 134 views

The Advanced Persistent Threat files: APT10

We've heard a lot about Advanced Persistent Threats (APTs) over the past few years. As a refresher, APTs are prolonged, aimed attacks on specific targets with the intention to compromise their systems and gain information from or about that target. While the targets may be anyone or anything—a...

AI score 0.1
Exploits: 0
Fedora
added 2019/01/15 1:53 a.m., 10 views

[SECURITY] Fedora 28 Update: nbdkit-1.4.4-1.fc28

NBD is a protocol for accessing block devices (hard disks and disk-like things) over the network. 'nbdkit' is a toolkit for creating NBD servers. The key features are: Multithreaded NBD server written in C with good performance. Well-documented, simple plugin API with a stable ABI guarantee. Allows...

AI score 1.4
Exploits: 0
Kaspersky
added 2019/01/15 12:0 a.m., 38 views

KLA11404 Multiple vulnerabilities in Microsoft Development Tools

Multiple vulnerabilities were found in Microsoft Development Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, perform cross-site scripting attacks. Below is a complete list of vulnerabilities: 1. A cross-site-scripting (XSS) vulnerability in Team Foundation...

CVSS 6.5, AI score 6.7, EPSS 0.04611
Exploits: 0, References: 4
CNVD
added 2019/01/14 12:0 a.m., 6 views

Intel SGX SDK and SGX Platform Software Elevation of Privilege Vulnerability

Intel SGX SDK and SGX Platform Software are both products of Intel Corporation, Intel SGX SDK is a software development kit based on SGX Intel Software Security Extensions technology, and SGX Platform Software is a software protection extension platform. A security vulnerability exists in Intel S...

CVSS 7.3, AI score 6.8, EPSS 0.00278
Exploits: 2, References: 1
ThreatPost
added 2019/01/11 5:49 p.m., 25 views

TA505 Crime Gang Debuts Brand-New ServHelper Backdoor

A new backdoor named ServHelper has been spotted in the wild, acting as both a remote desktop agent as well as a downloader for a RAT called FlawedGrace. According to Proofpoint, the prolific cybercriminal gang known as TA505 developed ServHelper, which has two variants: one focused on remote...

AI score 2.5
Exploits: 0, References: 6
Fedora
added 2019/01/11 4:36 a.m., 38 views

[SECURITY] Fedora 29 Update: python-django-2.0.10-1.fc29

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 6.5, AI score 1.6, EPSS 0.03685
Exploits: 0
Qualys Blog
added 2019/01/10 5:0 p.m., 75 views

Detecting Insecure Cookies with Qualys Web Application Scanning

Cookies are ubiquitous in today's modern web applications. If an attacker can acquire a user's session cookie by exploiting a cross-site scripting (XSS) vulnerability, by sniffing an unencrypted HTTP connection, or by some other means, then they can potentially hijack a user's valid session...

AI score 0.1
Exploits: 0
Tenable Nessus
added 2019/01/10 12:0 a.m., 35 views

Debian DSA-4363-1 : python-django - security update

It was discovered that malformed URLs could spoof the content of the default 404 page of Django, a Python web development framework. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4363. The text itself is...

CVSS 6.5, AI score 6.3, EPSS 0.03685
Exploits: 0, References: 4
Microsoft Secure
added 2019/01/09 5:0 p.m., 71 views

Guide to Developing a National Cybersecurity Strategy—a resource for policymakers to respond to cybersecurity challenges

Nations from every corner of the world are increasingly leveraging digital transformation to grow their economies and empower businesses to improve services, including vital services provided by critical infrastructures. This adoption of new information communications technologies (ICT) has...

AI score 1.4
Exploits: 0
Filippo.io
added 2019/01/07 2:8 a.m., 101 views

mkcert: valid HTTPS certificates for localhost

or for any other names The web is moving to HTTPS, preventing network attackers from observing or injecting page contents. But HTTPS needs TLS certificates, and while deployment is increasingly a solved issue thanks to the ACME protocol and Let's Encrypt, development still mostly ends up happenin...

AI score 7
Exploits: 0
Tenable Nessus
added 2019/01/07 12:0 a.m., 27 views

Debian DLA-1629-1 : python-django security update

It was discovered that there was a content-spoofing vulnerability in the default 404 pages in the Django web development framework. For more information, please see : https://www.djangoproject.com/weblog/2019/jan/04/security-releases/ For Debian 8 'Jessie', this issue has been fixed in...

CVSS 6.5, AI score 6.2, EPSS 0.03685
Exploits: 0, References: 4
OpenVAS
added 2019/01/07 12:0 a.m., 41 views

Debian: Security Advisory (DSA-4363-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5, AI score 6.8, EPSS 0.03685
Exploits: 0, References: 4
vulnersOsv
added 2019/01/04 5:41 p.m., 6 views

@5minutes2start/react-scripts (>=1.1.2 <=1.1.4), @biko/react-scripts (>=0.1.0 <=0.4.0) +132 more potentially affected by CVE-2018-6342 via react-dev-utils (>=4.0.0 <=4.2.1)

react-dev-utils NPM version =4.0.0, =1.1.2, =0.1.0, =0.8.12, =0.1.0, =0.0.1, =2.13.0, =2.14.0, =0.2.0, =0.3.0, =0.2.2, =0.2.10-SNAPSHOT.481, =0.2.10-SNAPSHOT.673 - @leizeng/react-scripts-ts =2.13.0 and more Source cves: CVE-2018-6342 Source advisory: OSV:GHSA-29GP-92WP-94Q8...

CVSS 10, AI score 7.2, EPSS 0.02845
Exploits: 0
UbuntuCve
added 2019/01/02 2:29 p.m., 24 views

CVE-2018-17188

Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this led to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full...

CVSS 7.2, AI score 6.8, EPSS 0.03228
Exploits: 0, References: 2
Prion
added 2019/01/02 2:29 p.m., 17 views

Design/Logic Flaw

Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this led to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full...

CVSS 6.5, AI score 7.2, EPSS 0.03228
Exploits: 0, References: 4, Affected Software: 1
Tenable Nessus
added 2019/01/02 12:0 a.m., 19 views

SUSE SLED15 / SLES15 Security Update : Initial update for kernel-azure (SUSE-SU-2018:1952-1)

This update is the initial delivery of the Azure flavor of the Linux Kernel, which contains enhancements and optimizations for running the SUSE Linux Enterprise kernel in the Azure cloud. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...

AI score 5.5
Exploits: 0, References: 2
Tenable Nessus
added 2019/01/02 12:0 a.m., 16 views

SUSE SLED15 / SLES15 Security Update : pam (SUSE-SU-2018:3965-1)

This update for pam fixes the following issue : Security issue fixed : CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640). Note that Tenable Network Security has extracted the preceding description block...

CVSS 9.3, AI score 7.4, EPSS 0.01342
Exploits: 0, References: 4
SQLite
added 2019/01/01 12:0 a.m., 30 views

SQLite report about CVE-2019-19317

This CVE identifies a bug in a development check-in of SQLite. The bug never appeared in any official SQLite release. details...

CVSS 9.8, AI score 8.8, EPSS 0.04276
Exploits: 0, Affected Software: 1