
1555 matches found

Kitploit
added 2020/06/21 12:30 p.m., 193 views

Zip Cracker - Python Script To Crack Zip Password With Dictionary Attack And Also Use Crunch As Pipeline

This Script Supports Only Zip File in This Version You Can Also Use This Script With crunch Cross-platform Supported Usage: zipcracker.py options Options: --version show program's version number and exit -h, --help show this help message and exit -f FILENAME, --file=FILENAME Please Specify Path o...

7.3 AI score
Exploits: 0, References: 1
CNVD
added 2020/06/19 12:0 a.m., 12 views

Python Resource Management Error Vulnerability (CNVD-2020-52841)

Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in the IPv4Interface and IPv6Interface of the Lib/ipaddress.py file in...

5.9 CVSS, 8.6 AI score, 0.12826 EPSS
Exploits: 0, References: 1
OSV
added 2020/06/18 2:15 p.m., 25 views

CVE-2020-14422

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface...

5.9 CVSS, 6.6 AI score
Exploits: 0, References: 24
NVD
added 2020/06/18 2:15 p.m., 22 views

CVE-2020-14422

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface...

5.9 CVSS, 0.12826 EPSS
Exploits: 0, References: 24
Prion
added 2020/06/18 2:15 p.m., 25 views

Design/Logic Flaw

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface...

4.3 CVSS, 6.2 AI score, 0.12826 EPSS
Exploits: 0, References: 24, Affected Software: 4
Debian CVE
added 2020/06/18 12:0 a.m., 57 views

CVE-2020-14422

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface...

5.9 CVSS, 6.8 AI score, 0.12826 EPSS
Exploits: 0
OSV
added 2020/06/15 7:34 p.m., 27 views

GHSA-2PPP-9496-P23Q Insufficient Entropy in Spring Security

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has...

6.5 CVSS, 6.4 AI score, 0.01594 EPSS
Exploits: 0, References: 5
Github Security Blog
added 2020/06/15 7:34 p.m., 36 views

Insufficient Entropy in Spring Security

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has...

6.5 CVSS, 4.7 AI score, 0.01594 EPSS
Exploits: 0, References: 6, Affected Software: 1
NVD
added 2020/06/04 4:15 p.m., 15 views

CVE-2020-13814

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary...

9.8 CVSS, 9.5 AI score, 0.01717 EPSS
Exploits: 0, References: 1
OSV
added 2020/06/04 4:15 p.m., 2 views

CVE-2020-13814

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary...

9.8 CVSS, 7.3 AI score, 0.01717 EPSS
Exploits: 0, References: 1
Prion
added 2020/06/04 4:15 p.m., 19 views

Design/Logic Flaw

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary...

7.5 CVSS, 9.3 AI score, 0.01717 EPSS
Exploits: 0, References: 1, Affected Software: 2
CVE
added 2020/06/04 3:36 p.m., 53 views

CVE-2020-13814

Foxit Reader and PhantomPDF are affected by CVE-2020-13814. Before version 9.7.1, a use-after-free can occur in a document that lacks a dictionary, leading to potential memory-related impact. The NVD/NVD-derived record indicates a high-severity issue with exploitation potential via network access...

9.8 CVSS, 9.3 AI score, 0.01717 EPSS
Exploits: 0, References: 1, Affected Software: 2
Cvelist
added 2020/06/04 3:36 p.m., 23 views

CVE-2020-13814

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary...

9.5 AI score, 0.01717 EPSS
Exploits: 0, References: 1
AlpineLinux
added 2020/06/04 3:36 p.m., 16 views

CVE-2020-13814

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary...

9.8 CVSS, 7 AI score, 0.01717 EPSS
Exploits: 0, References: 1
Veracode
added 2020/05/15 1:1 a.m., 23 views

Information Disclosure

spring-security-core is vulnerable to Information Disclosure. The vulnerability exists as it uses a fixed null initialization vector with CBC Mode for the queryable text encryptor rather than handling the null value passed to the function BCryptPasswordEncoder.encode, thereby allowing a user with...

6.5 CVSS, 1.8 AI score, 0.01594 EPSS
Exploits: 0, References: 5, Affected Software: 2
CNVD
added 2020/05/15 12:0 a.m., 12 views

Spring Security Security Feature Issue Vulnerability

Spring Security, formerly known as Acegi Security, is a framework used by the Spring project team to provide secure authentication services. A security signature issue vulnerability exists in Spring Security. An attacker can exploit this vulnerability to obtain unencrypted values with the help o...

6.5 CVSS, 9.3 AI score, 0.01594 EPSS
Exploits: 0, References: 1
UbuntuCve
added 2020/05/14 6:15 p.m., 39 views

CVE-2020-5408

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has...

6.5 CVSS, 6.7 AI score, 0.01594 EPSS
Exploits: 0, References: 2
CVE
added 2020/05/14 5:15 p.m., 130 views

CVE-2020-5408

CVE-2020-5408 (IBM) affects IBM Sterling Connect:Direct Web Services. A fixed null initialization vector in CBC mode for the queryable text encryptor may allow a dictionary attack to derive unencrypted values, exposing sensitive information. Remediation is via upgrading to supported fixes: IBM St...

6.5 CVSS, 6.5 AI score, 0.01594 EPSS
Exploits: 0, References: 4, Affected Software: 2
Cvelist
added 2020/05/14 5:15 p.m., 28 views

CVE-2020-5408 Dictionary attack with Spring Security queryable text encryptor

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has...

6.6 AI score, 0.01594 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2020/04/28 3:28 p.m., 2 views

freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations

An information leak was discovered in the implementation of EAP-pwd in freeradius. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks...

6.5 CVSS, 5.8 AI score, 0.01632 EPSS
Exploits: 1, References: 4