
5472 matches found

RedHat Linux
added 2020/11/04 12:36 p.m., 5 views

cryptsetup: Out-of-bounds write when validating segments

A flaw was found in the way cryptsetup parses encrypted images with invalid segments. This flaw allows a local attacker to crash an application compiled with cryptsetup, or in some cases, cause arbitrary code execution when parsing specially crafted encrypted images. The highest threat from this...

CVSS 7.8 | AI score 7.8 | EPSS 0.01157
Exploits: 0 | References: 5

CNVD
added 2020/10/29 12:00 a.m., 2 views

Pulse Secure Pulse Connect Secure Input Validation Error Vulnerability (CNVD-2020-60092)

Pulse Secure Pulse Connect Secure (a.k.a. PCS, formerly known as Juniper Junos Pulse) is a suite of SSL VPN solutions from Pulse Secure in the United States. Pulse Connect Secure versions prior to 9.1R9 have an input validation error vulnerability that can be exploited by an attacker to execute an...

CVSS 4.9 | AI score 6.5 | EPSS 0.02264
Exploits: 0 | References: 1

OSV
added 2020/10/28 1:15 p.m., 1 view

CVE-2020-8255

A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages...

CVSS 4.9 | AI score 6.3 | EPSS 0.02264
Exploits: 0 | References: 1

NVD
added 2020/10/28 1:15 p.m., 19 views

CVE-2020-8255

A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages...

CVSS 4.9 | AI score 5 | EPSS 0.02264
Exploits: 0 | References: 1

Prion
added 2020/10/28 1:15 p.m., 23 views

Arbitrary file deletion

A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages...

CVSS 4 | AI score 4.9 | EPSS 0.02264
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/10/28 12:46 p.m., 25 views

CVE-2020-8255

A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages...

AI score 5 | EPSS 0.02264
Exploits: 0 | References: 1

OSV
added 2020/10/27 9:15 p.m., 3 views

CVE-2020-9774

An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed...

CVSS 7.5 | AI score 7.1 | EPSS 0.00613
Exploits: 0 | References: 1

NVD
added 2020/10/27 9:15 p.m., 23 views

CVE-2020-9774

An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed...

CVSS 7.5 | AI score 7 | EPSS 0.00613
Exploits: 0 | References: 1

Prion
added 2020/10/27 9:15 p.m., 17 views

Code injection

An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed...

CVSS 5 | AI score 7.3 | EPSS 0.00613
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2020/10/27 8:15 p.m., 26 views

CVE-2019-8645

An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to...

CVSS 6.5 | AI score 5.3 | EPSS 0.00777
Exploits: 0 | References: 1

OSV
added 2020/10/27 8:15 p.m., 3 views

CVE-2019-8645

An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to...

CVSS 6.5 | AI score 6.9 | EPSS 0.00777
Exploits: 0 | References: 1

Prion
added 2020/10/27 8:15 p.m., 19 views

Code injection

An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to...

CVSS 4 | AI score 5.2 | EPSS 0.00777
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/10/27 8:12 p.m., 72 views

CVE-2020-9774

CVE-2020-9774 describes an issue where Siri Suggestions could improperly access encrypted data. The Apple advisories indicate the vulnerability was mitigated by limiting access to encrypted data and fixes were released in macOS Catalina 10.15.3, Mojave Security Update 2020-001, and High Sierra Se...

CVSS 7.5 | AI score 7.8 | EPSS 0.00613
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/10/27 8:12 p.m., 24 views

CVE-2020-9774

An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed...

AI score 7.4 | EPSS 0.00613
Exploits: 0 | References: 1

CVE
added 2020/10/27 7:41 p.m., 59 views

CVE-2019-8645

CVE-2019-8645 relates to macOS Mail handling of S/MIME-encrypted messages. The issue stems from insufficient isolation of MIME in Mail, enabling an attacker in a privileged network position to intercept S/MIME email contents. Apple fixes identify macOS Mojave 10.14.4 and Security Update 2019-002 ...

CVSS 6.5 | AI score 6.1 | EPSS 0.00777
Exploits: 0 | References: 1 | Affected Software: 1

ThreatPost
added 2020/10/27 4:01 p.m., 29 views

Researchers: Instagram, LinkedIn Vulnerable to Preview-Link RCE Security Woes

UPDATE Link previews in popular chat apps on iOS and Android are a firehose of security and privacy issues, researchers have found. At risk are Facebook Messenger, LINE, Slack, Twitter Direct Messages, Zoom and many others. In the case of Instagram and LinkedIn, it’s even possible to execute remo...

AI score 7.3
Exploits: 0 | References: 7

The Hacker News
added 2020/10/26 12:31 p.m., 3 views

Experts Warn of Privacy Risks Caused by Link Previews in Messaging Apps

Cybersecurity researchers over the weekend disclosed new security risks associated with link previews in popular messaging apps that cause the services to leak IP addresses, expose links sent via end-to-end encrypted chats, and even unnecessarily download gigabytes of data stealthily in the...

AI score 6.1
Exploits: 0

OSV
added 2020/10/21 7:15 p.m., 4 views

CVE-2020-3562

A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validatio...

CVSS 8.6 | AI score 7.3 | EPSS 0.01788
Exploits: 0 | References: 1

Rapid7 Blog
added 2020/10/19 1:04 p.m., 30 views

NICER Protocol Deep Dive: Internet Exposure of IMAP and POP

Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...

AI score 7.2
Exploits: 0

NVD
added 2020/10/16 9:15 p.m., 12 views

CVE-2020-1688

On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an...

CVSS 6.5 | EPSS 0.00314
Exploits: 0 | References: 5