Lucene search
K

5472 matches found

The Hacker News
The Hacker News
added 2025/01/09 10:44 a.m.7 views

Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions

Ransomware isn't slowing down—it's getting smarter. Encryption, designed to keep our online lives secure, is now being weaponized by cybercriminals to hide malware, steal data, and avoid detection. The result? A 10.3% surge in encrypted attacks over the past year and some of the most shocking...

6.9AI score
Exploits0
UbuntuCve
UbuntuCve
added 2025/01/09 1:15 a.m.22 views

CVE-2023-38037

ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current umask settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that ha...

5.5CVSS6AI score0.00258EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.20 views

Ruby 安全漏洞

Ruby is a cross-platform, object-oriented, dynamically typed programming language from the personal developer Yukihiro Matsumoto. A security vulnerability exists in Ruby that stems from vulnerability to the Marvin attack, which allows an attacker to decrypt previously encrypted messages or forge...

7.4CVSS7.2AI score0.00626EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/06 12:0 a.m.1 views

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption when processing FIPS encrypted or decrypted IOCTL calls invoked from user space...

7.8CVSS6.8AI score0.00085EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.2 views

PT-2025-30869

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.15.0-smp-DEV 2 Description The Linux kernel contained a flaw within the KVM component, specifically related to Secure Encrypted Virtualization SEV and Secure Encrypted Virtualization-Encrypted State SEV-ES. The...

5.5CVSS6.5AI score0.00147EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.5 views

PT-2025-49298

Name of the Vulnerable Software and Affected Versions Nextcloud Desktop versions prior to 3.16.5 Description Nextcloud Desktop is a desktop sync client for Nextcloud. Before version 3.16.5, the file path was transmitted unencrypted when attempting to manually lock a file within an end-to-end...

2.7CVSS6.4AI score0.00242EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.7 views

PT-2026-7455

Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity...

6.7CVSS5.5AI score0.00136EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.7 views

PT-2026-7453

Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality...

4.6CVSS5.5AI score0.00136EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.4 views

PT-2025-7616 · Debian · Debian

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned, use: affected versions not specified Description: The issue concerns information disclosure of S/MIME encrypted emails. Recommendations: At the moment, there is no information about a newer version...

7.5CVSS5.9AI score0.00296EPSS
Exploits0References16
Github Security Blog
Github Security Blog
added 2024/12/30 4:46 p.m.17 views

Password Pusher Allows Session Token Interception Leading to Potential Hijacking

Impact A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before...

5.7CVSS6.9AI score0.00209EPSS
Exploits0References4Affected Software1
RubySec
RubySec
added 2024/12/30 12:0 a.m.16 views

Password Pusher Allows Session Token Interception Leading to Potential Hijacking

Impact A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before...

5.7CVSS6.9AI score0.00209EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/12/23 12:0 a.m.5 views

The vulnerability of the web interface of Draytek Vigor routers, Draytek Vigor access points, Draytek Vigor switches, and the cloud platform Draytek Vigor Myvigor arises from the use of rigidly encrypted credentials. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the web interface of Draytek Vigor routers, Draytek Vigor access points, Draytek Vigor switches, and the cloud platform Draytek Vigor Myvigor is related to the use of rigidly encrypted login credentials. Exploiting this vulnerability allows a malicious actor to compromise the...

10CVSS7.7AI score0.00599EPSS
Exploits1References2Affected Software72
RedhatCVE
RedhatCVE
added 2024/12/19 6:53 a.m.17 views

CVE-2024-49504

grub2 allowed attackers with access to the grub shell to access files on the encrypted disks...

8.4CVSS6.8AI score0.00325EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/12/19 12:0 a.m.4 views

The vulnerability of Dell RecoverPoint’s data protection software for virtual machines, related to the use of strictly encrypted credentials, allows attackers to gain unauthorized access to protected information.

The vulnerability of Dell RecoverPoint’s data protection software for virtual machines relates to the use of strictly encrypted authentication credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information remotely...

5.3CVSS5.4AI score0.00402EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2024/12/18 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-23227

NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users...

10CVSS7.4AI score0.49431EPSS
Exploits1References1
CISA KEV Catalog
CISA KEV Catalog
added 2024/12/18 12:0 a.m.25 views

NUUO NVRmini2 Devices Missing Authentication Vulnerability

NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users...

10CVSS9.7AI score0.49431EPSS
In wildExploits1
Cvelist
Cvelist
added 2024/12/17 10:59 p.m.18 views

CVE-2024-10973 Keycloak: cli option for encrypted jgroups ignored

A vulnerability was found in Keycloak. The environment option KCCACHEEMBEDDEDMTLSENABLED does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information...

5.7CVSS0.00267EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2024/12/16 8:19 a.m.7 views

A week in security (December 9 – December 15)

Last week on Malwarebytes Labs: Encrypted messaging service intercepted, 2.3 million messages read by law enforcement TikTok ban in US: Company seeks emergency injunction to prevent it Data brokers should stop trading health and location data, new bill proposes Update now! Apple releases new...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/12/16 12:0 a.m.2 views

PT-2024-41356 · Opensuse +1 · Mozilla Firefox

Name of the Vulnerable Software and Affected Versions: MozillaFirefox version 128.5.1 ESR Description: This issue prevents some websites from loading when using SSL Inspection. Recommendations: Update to Firefox Extended Support Release 128.5.1 ESR...

7.1AI score
Exploits0References3
OSV
OSV
added 2024/12/13 1:18 p.m.3 views

OESA-2024-2550 linux-firmware security update

This package contains firmware images required by some devices. Security Fixes: IOMMU improperly handles certain special address ranges with invalid device table entries DTEs, which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in...

6CVSS6.7AI score0.00199EPSS
Exploits0References3
Rows per page
Query Builder