Lucene search
K

5472 matches found

OpenSSL
OpenSSL
added 2020/09/09 12:0 a.m.241 views

Vulnerability in OpenSSL - Raccoon Attack

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...

4.1AI score0.04803EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2020/09/08 12:0 a.m.4 views

PT-2020-4161 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: A information disclosure issue exists due to the use of weak hash algorithms by TLS components. This could allow an attacker to obtain information to further compromise a user's encrypted...

5.4CVSS5.5AI score0.00896EPSS
Exploits0References5
OSV
OSV
added 2020/09/03 9:20 p.m.12 views

GHSA-MFCP-34XW-P57X Authentication Bypass in saml2-js

Versions of saml2-js prior to 2.0.5 are vulnerable to an Authentication Bypass. The package fails to enforce the assertion conditions for encrypted assertions, which may allow an attacker to reuse encrypted assertion tokens indefinitely. Recommendation Upgrade to version 2.0.5 or later...

6.8CVSS7.1AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2020/09/03 9:20 p.m.29 views

Authentication Bypass in saml2-js

Versions of saml2-js prior to 2.0.5 are vulnerable to an Authentication Bypass. The package fails to enforce the assertion conditions for encrypted assertions, which may allow an attacker to reuse encrypted assertion tokens indefinitely. Recommendation Upgrade to version 2.0.5 or later...

4.6AI score
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2020/09/03 2:20 a.m.25 views

CVE-2020-14382

A flaw was found in the way cryptsetup parses encrypted images with invalid segments. This flaw allows a local attacker to crash an application compiled with cryptsetup, or in some cases, cause arbitrary code execution when parsing specially crafted encrypted images. The highest threat from this...

7.8CVSS5.2AI score0.01157EPSS
Exploits0References4
OSV
OSV
added 2020/09/02 3:42 p.m.15 views

GHSA-44VF-8FFM-V2QH Sensitive Data Exposure in rails-session-decoder

All versions of rails-session-decoder are missing verification of the Message Authentication Code appended to the cookies. This may lead to decryption of cipher text thus exposing encrypted information. Recommendation No fix is currently available. Consider using an alternative module until a fix...

7.3AI score
Exploits0References1
The Hacker News
The Hacker News
added 2020/09/02 8:54 a.m.29 views

New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data

Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send...

0.4AI score
Exploits0
OSV
OSV
added 2020/09/01 9:22 p.m.13 views

GHSA-H5VJ-F7R9-W564 Entropy Backdoor in text-qrcode

All versions of text-qrcode contain malicious code that overwrites the randomBytes method for the crypto module with a function that generates weak entropy. Instead of generating 32 bytes, the infected randomBytes will generate 3 bytes of entropy and hash them, resulting in a 32 byte value being...

9.8CVSS7.2AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2020/09/01 9:22 p.m.52 views

Entropy Backdoor in text-qrcode

All versions of text-qrcode contain malicious code that overwrites the randomBytes method for the crypto module with a function that generates weak entropy. Instead of generating 32 bytes, the infected randomBytes will generate 3 bytes of entropy and hash them, resulting in a 32 byte value being...

1.4AI score
Exploits0References2Affected Software1
OSV
OSV
added 2020/09/01 3:15 p.m.7 views

GHSA-GG6M-FHQV-HG56 Denial of Service in yar

Versions of yar prior to 2.2.0 are affected by a denial of service vulnerability related to an invalid encrypted session cookie value. When an invalid encryped session cookie value is provided, the process will crash. Recommendation Update to version 2.2.0 or later...

7.5CVSS6.4AI score0.02591EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2020/09/01 3:15 p.m.21 views

Denial of Service in yar

Versions of yar prior to 2.2.0 are affected by a denial of service vulnerability related to an invalid encrypted session cookie value. When an invalid encryped session cookie value is provided, the process will crash. Recommendation Update to version 2.2.0 or later...

4.8AI score0.02591EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2020/09/01 12:0 a.m.7 views

PT-2020-15474 · Readyapi +1 · Readyapi Functional Testing Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins SoapUI Pro Functional Testing Plugin versions 1.3 and earlier ReadyAPI Functional Testing Plugin versions 1.3 and earlier Description: The issue concerns the storage of project passwords in an unencrypted manner within job config.xml...

6.5CVSS6.3AI score0.00626EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2020/09/01 12:0 a.m.5 views

PT-2020-15459 · Jenkins · Jenkins Parameterized Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Parameterized Remote Trigger Plugin versions 3.1.3 and earlier Description: The issue concerns the storage of a secret in an unencrypted form within the global configuration file on the Jenkins controller. Specifically, the secret is...

4.3CVSS4.4AI score0.00524EPSS
Exploits0References7
Prion
Prion
added 2020/08/31 3:15 p.m.14 views

Design/Logic Flaw

The Bluetooth Low Energy Secure Manager Protocol SMP implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the Link Layer encryption setup is performed earlier. An attacker in radi...

5.8CVSS8.8AI score0.00257EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/08/28 3:15 p.m.3 views

CVE-2020-4591

IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746...

3.3CVSS5.7AI score0.00201EPSS
Exploits0References2
Prion
Prion
added 2020/08/28 3:15 p.m.12 views

Design/Logic Flaw

IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746...

1.9CVSS3.6AI score0.00201EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
added 2020/08/26 12:0 a.m.32 views

Downgrade encryption scheme and break integrity through known-plaintext attack (NC-SA-2020-039)

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files...

1.9CVSS2.8AI score0.00286EPSS
Exploits2Affected Software1
The Hacker News
The Hacker News
added 2020/08/19 10:5 a.m.3 views

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide

Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer P2P botnet written in Golang that has been actively targeting SSH servers since January 2020. Called "FritzFrog ," the modular, multi-threaded and file-less botnet has breached more than 500 servers ...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/19 10:5 a.m.154 views

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide

Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer P2P botnet written in Golang that has been actively targeting SSH servers since January 2020. Called "FritzFrog," the modular, multi-threaded and file-less botnet has breached more than 500 servers t...

7.2AI score
Exploits0
CNVD
CNVD
added 2020/08/17 12:0 a.m.2 views

SAP Adaptive Server Enterprise Information Disclosure Vulnerability (CNVD-2020-46790)

SAP Adaptive Server Enterprise ASE is a relational database server from SAP, Germany. An information disclosure vulnerability exists in SAP ASE version 16.0. An attacker could exploit the vulnerability to access encrypted sensitive information...

7.8CVSS6.1AI score0.0027EPSS
Exploits0References1
Rows per page
Query Builder