
259 matches found

UbuntuCve
added 2020/05/14 6:15 p.m., 40 views

CVE-2020-5408

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has...

CVSS 6.5, AI score 6.7, EPSS 0.01594
Exploits: 0, References: 2
Cvelist
added 2020/05/14 5:15 p.m., 31 views

CVE-2020-5408 Dictionary attack with Spring Security queryable text encryptor

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has...

AI score 6.6, EPSS 0.01594
Exploits: 0, References: 4
CVE
added 2020/05/14 5:15 p.m., 130 views

CVE-2020-5408

CVE-2020-5408 (IBM) affects IBM Sterling Connect:Direct Web Services. A fixed null initialization vector in CBC mode for the queryable text encryptor may allow a dictionary attack to derive unencrypted values, exposing sensitive information. Remediation is via upgrading to supported fixes: IBM St...

CVSS 6.5, AI score 6.5, EPSS 0.01594
Exploits: 0, References: 4, Affected Software: 2
RedHat Linux
added 2020/04/28 3:28 p.m., 3 views

freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations

An information leak was discovered in the implementation of EAP-pwd in freeradius. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks...

CVSS 6.5, AI score 5.8, EPSS 0.01632
Exploits: 1, References: 4
NVD
added 2020/03/24 7:15 p.m., 14 views

CVE-2019-20575

An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019)...

CVSS 5.4, AI score 5.6, EPSS 0.00121
Exploits: 0, References: 1
OSV
added 2020/03/24 7:15 p.m., 1 views

CVE-2019-20575

An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019)...

CVSS 5.4, AI score 6.1, EPSS 0.00121
Exploits: 0, References: 1
Prion
added 2020/03/24 7:15 p.m., 16 views

Design/Logic Flaw

An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019)...

CVSS 4.8, AI score 5.6, EPSS 0.00121
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2020/03/24 6:43 p.m., 53 views

CVE-2019-20575

The CVE-2019-20575 entry concerns Samsung mobile devices running P(9.0). The vulnerability lies in the WPA3 handshake, allowing a downgrade or dictionary attack. Affected component: WPA3 handshake implementation on Samsung devices (SVE-2019-14204 reference). The available connected records corrob...

CVSS 5.4, AI score 5.6, EPSS 0.00121
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2019/11/06 12:0 a.m., 544 views

CVE-2019-14833

CVE-2019-14833 affects Samba, specifically the AD DC password handling where a custom script for password complexity may fail to verify non‑ASCII passwords, potentially allowing weak passwords and dictionary attacks. Affected releases include Samba 4.5.0 up to but not including 4.9.15, and also 4...

CVSS 5.4, AI score 5.9, EPSS 0.02084
Exploits: 0, References: 9, Affected Software: 1
CNVD
added 2019/10/23 12:0 a.m., 3 views

D-Link DAP-1320 Authorization Issues Vulnerability

The D-Link DAP-1320 is a wireless signal extender from AUO D-Link of Taiwan, China. A security vulnerability exists in the D-Link DAP-1320 A2-V1.21 version, which originates from some web interfaces that do not require authentication. An attacker could obtain the user's Wi-Fi SSID and password to...

CVSS 7.5, AI score 7, EPSS 0.01685
Exploits: 1, References: 1
NVD
added 2019/10/14 6:15 p.m., 12 views

CVE-2019-12941

AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allow an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output input i...

CVSS 10, AI score 9.7, EPSS 0.02377
Exploits: 1, References: 3
Cvelist
added 2019/10/14 5:2 p.m., 15 views

CVE-2019-12941

AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allow an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output input i...

AI score 9.8, EPSS 0.02377
Exploits: 1, References: 3
CVE
added 2019/10/14 5:2 p.m., 96 views

CVE-2019-12941

Summary: CVE-2019-12941 affects AutoPi Wi‑Fi/NB and AutoPi 4G/LTE devices prior to 2019-10-15. The default WiFi password and WiFi SSID are derived from the same hash function output using an 8‑character input, enabling an attacker to perform brute‑force or dictionary attacks to gain access to th...

CVSS 10, AI score 9.6, EPSS 0.02377
Exploits: 1, References: 3, Affected Software: 1
Prion
added 2019/10/11 8:15 p.m., 14 views

Authentication flaw

D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplinkinfo.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or perform a dictionary attack...

CVSS 5, AI score 7.6, EPSS 0.01685
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2019/10/11 7:28 p.m., 21 views

CVE-2019-17505

D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplinkinfo.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or perform a dictionary attack...

AI score 7.6, EPSS 0.01685
Exploits: 1, References: 1
NVD
added 2019/09/23 6:15 p.m., 25 views

CVE-2019-11277

Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny...

CVSS 8.4, AI score 8.1, EPSS 0.01707
Exploits: 0, References: 1
Prion
added 2019/09/23 6:15 p.m., 16 views

Design/Logic Flaw

Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny...

CVSS 5.5, AI score 8, EPSS 0.01707
Exploits: 0, References: 1, Affected Software: 2
OSV
added 2019/08/31 1:22 p.m., 11 views

MGASA-2019-0229 Updated wpa_supplicant and hostapd packages fix security vulnerability

A number of potential side channel attacks were discovered in the SAE implementations used by both hostapd (AP) and wpa_supplicant (infrastructure BSS station/mesh station). SAE (Simultaneous Authentication of Equals) is also known as WPA3-Personal. The discovered side channel attacks may be able to lea...

CVSS 5.9, AI score 5.9, EPSS 0.03739
Exploits: 0, References: 4
Kitploit
added 2019/05/18 12:59 p.m., 181 views

Brutemap - Tool That Automates Testing Accounts To The Site's Login Page

Brutemap is an open source penetration testing tool that automates testing accounts to the site's login page, based on Dictionary Attack. With this, you no longer need to search for other bruteforce tools and you also no longer need to ask CMS What is this? only to find parameter forms, because...

AI score 7
Exploits: 0, References: 6
Kitploit
added 2019/05/15 9:53 p.m., 154 views

JWT Tool - A Toolkit For Testing, Tweaking And Cracking JSON Web Tokens

jwttool.py is a toolkit for validating, forging and cracking JWTs (JSON Web Tokens). Its functionality includes: checking the validity of a token; testing for the RS/HS256 public key mismatch vulnerability; testing for the alg=None signature-bypass vulnerability; testing the validity of a secret/key/k...

AI score 7.2
Exploits: 0, References: 1