Lucene search
K

69 matches found

Amazon
Amazon
added 2023/07/19 12:0 a.m.4 views

Important: nodejs

Issue Overview: The use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please no...

7.5CVSS7.3AI score0.03906EPSS
Exploits1
Cvelist
Cvelist
added 2023/03/16 12:0 a.m.26 views

CVE-2023-28113 russh may use insecure Diffie-Hellman keys

russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...

5.9CVSS5.7AI score0.00617EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2023/03/16 12:0 a.m.8 views

CVE-2023-28113 russh may use insecure Diffie-Hellman keys

russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...

5.9CVSS5.5AI score0.00617EPSS
Exploits1References6
Veracode
Veracode
added 2019/05/02 5:12 a.m.35 views

Information Disclosure

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain...

6.8CVSS4.7AI score0.04102EPSS
Exploits0References36Affected Software3
Tenable Nessus
Tenable Nessus
added 2017/05/01 12:0 a.m.73 views

EulerOS 2.0 SP1 : nss, nss-util (EulerOS-SA-2016-1084)

According to the versions of the nss, nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these...

9.3CVSS8AI score0.0338EPSS
Exploits0References4
Hacker One
Hacker One
added 2017/01/10 1:38 p.m.254 views

FormAssembly: formassembly.com is vulnerable to padding-oracle attacks.

Dear Formassembly bug bounty team, Summary --- formassembly.com is vulnerable to CVE-2016-2107, allowing remote attackers to obtain sensitive information via padding-oracle attacks. $ git clone https://github.com/FiloSottile/CVE-2016-2107.git $ go run main.go www.formassembly.com ... Vulnerable:...

2.6CVSS6.9AI score0.89058EPSS
Exploits6
ThreatPost
ThreatPost
added 2016/11/11 7:0 a.m.11 views

OpenSSL Patches High-Severity Denial-of-Service Bug

OpenSSL on Thursday patched three vulnerabilities in its latest update, and reminded users running version 1.0.1 of the cryptographic library that that security support will end Dec. 31. Of the three bugs, only one was rated high severity and could lead to OpenSSL crashes. Only OpenSSL 1.1.0 is...

0.9AI score
Exploits0References2
ThreatPost
ThreatPost
added 2016/08/03 10:0 a.m.14 views

Export-Grade Crypto Patching Improves

LAS VEGAS – The FREAK, LOGJAM and DROWN attacks of the last 17 months weren’t just the work of academics and security researchers who found a cool way to unmask encrypted traffic. They were ugly reminders of the Crypto Wars of the 1990s and why export-grade cryptography and intentional encryption...

0.2AI score
Exploits0References4
OSV
OSV
added 2016/07/11 4:36 p.m.3 views

USN-3029-1 nss vulnerability

Tyson Smith and Jed Davis discovered that NSS incorrectly handled memory. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. This update refreshes the NSS package to version 3.23 which includes the latest CA...

9.3CVSS7.3AI score0.0338EPSS
Exploits0References2
OSV
OSV
added 2016/05/03 2:49 p.m.4 views

USN-2959-1 openssl vulnerabilities

Huzaifa Sidhpurwala, Hanno Böck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2016-2108 Juraj...

10CVSS7.2AI score0.89058EPSS
Exploits7References6
n0where
n0where
added 2015/09/15 3:6 a.m.60 views

Offline WPS Bruteforce Utility: PixieWPS

Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs pixie dust attack Additional Video: http://video.adm.ntnu.no/pres/549931214e18d Pixiewps requires libssl. To install it: sudo apt-get install libssl-dev Installation:...

0.2AI score
Exploits0References2
OSV
OSV
added 2015/09/13 9:58 p.m.7 views

MGASA-2015-0362 Updated mariadb packages fix security vulnerabilities

Updated mariadb packages fix security vulnerability: The mariadb packages have been updated to versions 5.5.45 and 10.0.21 for Mageia 4 and Mageia 5, respectively. The key length for creating Diffie- Hellman keys has been increased to 2048 bits, and other bugs have been fixed. See the upstream...

7.5AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2014/10/23 12:0 a.m.41 views

Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20141015)

Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519 It was...

6.8CVSS7.3AI score0.04102EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2014/10/23 12:0 a.m.55 views

Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20141015)

Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519 It was...

6.8CVSS7.3AI score0.04102EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2014/10/23 12:0 a.m.53 views

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20141015)

Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519 It was...

6.8CVSS7.3AI score0.04102EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2014/10/16 12:0 a.m.33 views

CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2014:1620)

Updated java-1.7.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

6.8CVSS7.3AI score0.04102EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2014/10/16 12:0 a.m.54 views

CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2014:1634)

Updated java-1.6.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detail...

6.8CVSS7.3AI score0.04102EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2014/10/16 12:0 a.m.69 views

CentOS 5 : java-1.7.0-openjdk (CESA-2014:1633)

Updated java-1.7.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severit...

6.8CVSS7.3AI score0.04102EPSS
Exploits0References11
Cent OS
Cent OS
added 2014/10/15 12:22 p.m.81 views

java security update

CentOS Errata and Security Advisory CESA-2014:1620 Updated java-1.7.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability...

6.8CVSS6.7AI score0.04102EPSS
Exploits0References7
Cent OS
Cent OS
added 2014/10/15 11:48 a.m.75 views

java security update

CentOS Errata and Security Advisory CESA-2014:1634 Updated java-1.6.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability...

6.8CVSS6.7AI score0.04102EPSS
Exploits0References7
Rows per page
Query Builder