5472 matches found

OSV
added 2021/02/02 9:11 a.m., 4 views

OPENSUSE-SU-2021:0227-1 Security update for messagelib

This update for messagelib fixes the following issues: - CVE-2019-10732: Prevented accidental disclosure of encrypted content when replying boo1131885. This update was imported from the openSUSE:Leap:15.1:Update update project...

CVSS 4.3, AI score 4.8, EPSS 0.00586
Exploits: 1, References: 3
CNNVD
added 2021/02/02 12:0 a.m., 5 views

Apache Cassandra Security Vulnerability

Apache Cassandra is a distributed NoSQL database from the Apache Foundation. Cassandra is a hybrid non-relational database, similar to Google's BigTable. Its main features are richer than Dynamo a distributed Key-Value storage system, but the support is not as good as a document store. MongoDB...

CVSS 7.5, AI score 7.1, EPSS 0.01931
Exploits: 0, References: 8
OPENSUSE Linux
added 2021/02/02 12:0 a.m., 32 views

Security update for messagelib (moderate)

openSUSE Security Update: Security update for messagelib Announcement ID: openSUSE-SU-2021:0227-1 Rating: moderate References: 1131885 Cross-References: CVE-2019-10732 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This updat...

CVSS 4.3, AI score 6.1, EPSS 0.00586
Exploits: 1, References: 1
OSV
added 2021/01/29 7:13 p.m., 3 views

OPENSUSE-SU-2021:0188-1 Security update for messagelib

This update for messagelib fixes the following issues: - CVE-2019-10732: Prevented accidental disclosure of encrypted content when replying boo1131885...

CVSS 4.3, AI score 4.8, EPSS 0.00586
Exploits: 1, References: 3
Rapid7 Blog
added 2021/01/29 2:20 p.m., 525 views

NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS

Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...

CVSS 10, AI score 8, EPSS 0.89047
Exploits: 24
Wired Threat Level
added 2021/01/29 12:0 p.m., 40 views

This Encrypted Gun Registry Might Bridge a Partisan Divide

Researchers from Brown University have developed a system that could keep track of firearms while preserving privacy...

AI score 4.2
Exploits: 0
OPENSUSE Linux
added 2021/01/29 12:0 a.m., 26 views

Security update for messagelib (moderate)

openSUSE Security Update: Security update for messagelib Announcement ID: openSUSE-SU-2021:0188-1 Rating: moderate References: 1131885 Cross-References: CVE-2019-10732 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...

CVSS 4.3, AI score 4.5, EPSS 0.00586
Exploits: 1, References: 1
RedHat Linux
added 2021/01/28 7:58 p.m., 1 views

Mozilla: IMAP Response Injection when using STARTTLS

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes that during the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session...

CVSS 8.8, AI score 7.3, EPSS 0.00856
Exploits: 1, References: 5
Microsoft Malware Protection
added 2021/01/28 5:0 p.m., 186 views

ZINC attacks against security researchers

In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. The campaign originally came to our attention after Microsoft Defender for Endpoint detected an attack in progress. Observed targeting includes pen testers, private offensive securit...

AI score 8.5
Exploits: 0
RedHat Linux
added 2021/01/28 4:38 p.m., 2 views

Mozilla: IMAP Response Injection when using STARTTLS

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes that during the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session...

CVSS 8.8, AI score 7.3, EPSS 0.00856
Exploits: 1, References: 5
CNNVD
added 2021/01/27 12:0 a.m., 3 views

Mozilla Thunderbird Command Injection Vulnerability

Mozilla Thunderbird is an e-mail client from the Mozilla Foundation in the United States, independent of the Mozilla Application Suite. The software supports IMAP and POP mail protocols as well as the HTML mail format. A security vulnerability exists in Mozilla Thunderbird versions prior to...

CVSS 8.8, AI score 7.3, EPSS 0.00856
Exploits: 1, References: 12
RedHat Linux
added 2021/01/26 11:24 a.m., 3 views

cryptsetup: Out-of-bounds write when validating segments

A flaw was found in the way cryptsetup parses encrypted images with invalid segments. This flaw allows a local attacker to crash an application compiled with cryptsetup, or in some cases, cause arbitrary code execution when parsing specially crafted encrypted images. The highest threat from this...

CVSS 7.8, AI score 7.8, EPSS 0.01157
Exploits: 0, References: 5
0day.today
added 2021/01/22 12:0 a.m., 45 views

Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation Vulnerability

Exploit Title: Selea CarPlateServer CPS 4.0.1.6 - Local Privilege Escalation Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea CarPlateServer CPS v4.0.1.6 Local Privilege Escalation Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: 4.0.1.6210120...

AI score 7.4
Exploits: 0
The Hacker News
added 2021/01/16 7:30 a.m., 3 views

NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers

The U.S. National Security Agency NSA on Friday said DNS over HTTPS DoH — if configured appropriately in enterprise environments — can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors. "DNS over Hypertext Transfer Protocol over Transpo...

AI score 5.7
Exploits: 0
OSV
added 2021/01/15 6:15 p.m., 4 views

CVE-2021-0206

A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine PFE to crash and restart, resulting in a Denial of Service DoS. By continuously sending these specific packets, an attacker can repeatedly disabl...

CVSS 7.5, AI score 7.1, EPSS 0.0131
Exploits: 0, References: 1
Malwarebytes
added 2021/01/15 3:8 p.m., 39 views

How a VPN can protect your online privacy

Have you ever experienced the feeling of relief that comes when you do something silly, but you're glad you did it where people don't know you? Or maybe you wished you were somewhere like that, but alas… That is what a Virtual Private Network VPN can do for you: it can put you in a place where you...

Exploits: 0
CISA
added 2021/01/15 12:0 a.m., 7 views

NSA Releases Guidance on Encrypted DNS in Enterprise Environments  

The National Security Agency NSA has released an information sheet with guidance on adopting encrypted Domain Name System DNS over Hypertext Transfer Protocol over Transport Layer Security HTTPS, referred to as DNS over HTTPS DoH. When configured appropriately, strong enterprise DNS controls can...

AI score 6.7
Exploits: 0, References: 1
Prion
added 2021/01/13 6:15 p.m., 23 views

Design/Logic Flaw

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of...

CVSS 2.1, AI score 4.6, EPSS 0.00207
Exploits: 0, References: 1, Affected Software: 1
Packet Storm
added 2021/01/11 12:0 a.m., 223 views

PortableKanban 4.3.6578.38136 Encrypted Password Disclosure

Exploit Title: PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval Date: 9 Jan 2021 Exploit Author: rootabeta Vendor Homepage: The original page, https://dmitryivanov.net/, cannot be found at this time of writing. The vulnerable software can be downloaded from...

AI score 7.4
Exploits: 0
Exploit DB
added 2021/01/11 12:0 a.m., 321 views

PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval

Exploit Title: PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval Date: 9 Jan 2021 Exploit Author: rootabeta Vendor Homepage: The original page, https://dmitryivanov.net/, cannot be found at this time of writing. The vulnerable software can be downloaded from...

AI score 7.4
Exploits: 0