Lucene search
K

5470 matches found

Positive Technologies
Positive Technologies
added 2020/10/06 12:0 a.m.4 views

PT-2020-15832 · Google · Gaen Protocol

Name of the Vulnerable Software and Affected Versions: GAEN protocol affected versions not specified Description: An issue was discovered in the GAEN protocol, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping ...

5.9CVSS6.6AI score0.02435EPSS
Exploits1References7
Rapid7 Blog
Rapid7 Blog
added 2020/10/02 1:58 p.m.61 views

NICER Protocol Deep Dive: Internet Exposure of SMTP

Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...

7.5CVSS9.6AI score0.99961EPSS
Exploits27
Hacker One
Hacker One
added 2020/10/02 1:48 p.m.41 views

RBKmoney: Apple Pay cryptogram replay and amount tampering

During Apple Pay in-app or on-site payments the device generates a payment cryptogram, which contains a transaction ID, encrypted payment data, etc. This is an example of the cryptogram which the phone passes to the internet acquiring service on api.transferwise.com: "token": "paymentData":...

Exploits0
OSV
OSV
added 2020/09/30 6:15 p.m.4 views

CVE-2019-18991

A partial authentication bypass vulnerability exists on Atheros AR9132 3.60AMX.8, AR9283 1.85, and AR9285 1.0.0.12NA devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sen...

5.4CVSS5.8AI score0.0046EPSS
Exploits0References1
NVD
NVD
added 2020/09/30 6:15 p.m.12 views

CVE-2019-18989

A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which wou...

6.1CVSS0.00751EPSS
Exploits0References1
Prion
Prion
added 2020/09/30 6:15 p.m.18 views

Authentication flaw

A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which wou...

4.8CVSS5.4AI score0.00751EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/09/30 6:15 p.m.22 views

Authentication flaw

A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a...

4.8CVSS5.4AI score0.00751EPSS
Exploits0References1Affected Software4
ATTACKERKB
ATTACKERKB
added 2020/09/30 6:15 p.m.4 views

CVE-2019-18990

A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a...

6.1CVSS6AI score0.00751EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/09/30 5:26 p.m.30 views

CVE-2019-18990

A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a...

6.1CVSS5.4AI score0.00751EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/30 5:22 p.m.18 views

CVE-2019-18989

A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which wou...

6.1CVSS5.4AI score0.00751EPSS
Exploits0References1
Hacker One
Hacker One
added 2020/09/20 11:30 a.m.29 views

Zivver: one delegate can add another delegate and delete other delegates, exposing all confidential inbox messages

Summary: One Delegate can add another delete and delete other delegates, exposing all inbox messages to other delegates and hence exposing all the confidential info can be seen by newly added delegates Steps To Reproduce: add details for how we can reproduce the issue 1. Login as User1 and add a...

6.5AI score
Exploits0
OSV
OSV
added 2020/09/16 12:22 p.m.6 views

SUSE-SU-2020:2647-1 Security update for for SUSE Manager 4.1

This update for SUSE Manager 4.1 fixes the following issues: google-gson: - Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages. httpcomponents-client: - Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages...

9.3CVSS9.4AI score0.00403EPSS
Exploits1References3
CNVD
CNVD
added 2020/09/10 12:0 a.m.27 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-68738)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...

7.8CVSS2.9AI score0.00996EPSS
Exploits0References1
CNVD
CNVD
added 2020/09/10 12:0 a.m.29 views

Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63323)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server has an information disclosure vulnerability that stems from the use of a...

5.4CVSS0.3AI score0.00896EPSS
Exploits0References1
CVE
CVE
added 2020/09/09 2:35 p.m.402 views

CVE-2020-1749

CVE-2020-1749 describes a flaw in the Linux kernel’s IPsec networking implementation (notably VXLAN and GENEVE tunnels over IPv6). When an encrypted tunnel is established between two hosts, tunneled data may be misrouted over the encrypted link, causing data to be sent unencrypted and potentially...

7.5CVSS7AI score0.01229EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2020/09/09 2:35 p.m.45 views

CVE-2020-1749

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data...

7.5CVSS6.5AI score0.01229EPSS
Exploits0
NVD
NVD
added 2020/09/09 2:15 p.m.23 views

CVE-2020-1968

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...

4.3CVSS0.04803EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2020/09/09 1:50 p.m.33 views

CVE-2020-1968

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...

4.3CVSS5.5AI score0.04803EPSS
Exploits0
OpenSSL
OpenSSL
added 2020/09/09 12:0 a.m.241 views

Vulnerability in OpenSSL - Raccoon Attack

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...

4.1AI score0.04803EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2020/09/08 12:0 a.m.4 views

PT-2020-4161 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: A information disclosure issue exists due to the use of weak hash algorithms by TLS components. This could allow an attacker to obtain information to further compromise a user's encrypted...

5.4CVSS5.5AI score0.00896EPSS
Exploits0References5
Rows per page
Query Builder