CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2018/02/09 2:29 p.m.•20 views

Arbitrary file deletion

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pgupgrade creates file in current working directory containing the output of pgdumpall -g under umask which was in effect when the user invoked pgupgrade, and not under 0077 which...

3.3CVSS6.5AI score0.00088EPSS

Exploits0References7Affected Software4

n0where•added 2018/02/07 9:26 p.m.•589 views

Build Your Own IPsec VPN Server: Auto Setup Scripts

Set up your own IPsec VPN server in just a few minutes, with both IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS. All you need to do is provide your own VPN credentials, and let the scripts handle the rest. An IPsec VPN encrypts your network traffic, so that nobody between you and the VP...

Exploits0References4

OSV•added 2018/02/01 9:39 a.m.•4 views

SUSE-SU-2018:0336-1 Security update for ecryptfs-utils

This update for ecryptfs-utils fixes the following issues: - CVE-2015-8946: ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning bsc989121 - CVE-2016-6224: ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning on a NVMe or MMC drive...

3.3CVSS3.8AI score0.00124EPSS

Tenable Nessus•added 2018/01/29 12:0 a.m.•132 views

Anonymous Key Exchanges Supported (PCI DSS)

At least one of the SSL or TLS services on the remote host supports an anonymous DH or anonymous ECDH cipher. When an anonymous cipher is used, the client does not authenticate the server and an attacker may intercept and modify encrypted traffic. C Tenable Network Security, Inc...

5.6AI score

CNVD•added 2018/01/25 12:0 a.m.•1 views

Apache Hadoop YARN NodeManager Password Disclosure Vulnerability

Apache Hadoop is a set of open source distributed system infrastructure of the Apache Apache Software Foundation of the United States, which is capable of distributed processing of large amounts of data, and has high reliability, high scalability, high fault tolerance, etc. YARN NodeManager is on...

9.8CVSS6.8AI score0.01594EPSS

Exploits1References1

HackRead•added 2018/01/13 6:46 p.m.•25 views

Cisco’s new tool will detect malware in encrypted traffic

By Waqas On January 10, Cisco’s officially released its software platform Encrypted This is a post from HackRead.com Read the original post: Ciscos new tool will detect malware in encrypted traffic...

6.9AI score

CNVD•added 2018/01/04 12:0 a.m.•2 views

Hoermann BiSecur Device Key Acquisition Vulnerability

Hoermann BiSecur devices is a security door remote control device from Hoermann Germany. A security vulnerability exists in Hoermann BiSecur devices prior to version 2018. An attacker could exploit the vulnerability by recording a single radio broadcast to intercept radio frames between the BiSec...

6.5CVSS6.8AI score0.00064EPSS

NVD•added 2017/12/31 2:29 a.m.•15 views

CVE-2017-17704

A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode...

7.4CVSS7.5AI score0.00156EPSS

0day.today•added 2017/12/29 12:0 a.m.•47 views

HP Insight Control For VMware vCenter Server 7.3 Insecure Permissions Vulnerability

HP Insight Control for VMware vCenter Server version 7.3 allows a low privileged attacker to read sensitive information files, decrypt all configuration server passwords, and gain access to the systems which in turn leads to the compromise of the whole infrastructure. / Exploit Title: HP Insight...

6.6AI score

Veracode•added 2017/12/27 10:45 p.m.•12 views

Elevation Of Privileges

passport-wsfed-saml2 is vulnerable to elevation of privileges. When a SAML identity provider doesn't sign the entire SAML response, attackers can change the NameIdentifier to login as a different user. The attacker needs either be able to intercept encrypted traffic and modify SAML responses on t...

8.1CVSS7.8AI score0.00422EPSS

Exploits0References1Affected Software1

NVD•added 2017/12/27 5:8 p.m.•26 views

CVE-2017-17844

An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block that the attacker cannot directly decrypt to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attacker as quoted...

6.5CVSS6.3AI score0.00238EPSS

ATTACKERKB•added 2017/12/27 5:8 p.m.•5 views

CVE-2017-17844

6.5CVSS5.7AI score0.00238EPSS

Exploits0References7

UbuntuCve•added 2017/12/27 5:8 p.m.•31 views

CVE-2017-17844

6.5CVSS6.9AI score0.00238EPSS

Prion•added 2017/12/27 5:8 p.m.•16 views

Design/Logic Flaw

4.3CVSS6.5AI score0.00238EPSS

Exploits0References5Affected Software2

Cvelist•added 2017/12/22 11:0 p.m.•27 views

CVE-2017-17844

6.8AI score0.00238EPSS

OPENSUSE Linux•added 2017/12/22 9:18 p.m.•155 views

Security update for enigmail (important)

This update for enigmail to version 1.9.9 fixes the following issues boo1073858: Enigmail could be coerced to use a malicious PGP public key with a corresponding secret key controlled by an attacker Enigmail could have replayed encrypted content in partially encrypted e-mails, allowing a plaintex...

2.6AI score

Securelist•added 2017/12/19 10:0 a.m.•13 views

Travle aka PYLOT backdoor hits Russian-speaking targets

At the end of September, Palo Alto released a report on Unit42 activity where they - among other things – talked about PYLOT malware. We have been detecting attacks that have employed the use of this backdoor since at least 2015 and refer to it as Travle. Coincidentally, KL was recently involved ...

7.3AI score

Malwarebytes•added 2017/12/18 6:45 p.m.•9 views

A week in security (December 11 – December 17)

Last week we explained what fast flux is and how it's being abused, we showed you all kinds of Bitcoin-related scams, presented a video recording of a tech support scammer trying to sell free software, and pointed out some free software to keep an eye on your Internet traffic. We also informed yo...

6.8AI score