5469 matches found

OSV
added 2020/05/18 3:15 p.m. | 1 view

DEBIAN-CVE-2020-12801

If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice'...

CVSS: 5.3 | AI score: 6.1 | EPSS: 0.01255
Exploits: 0 | References: 1

OSV
added 2020/05/18 3:15 p.m. | 1 view

UBUNTU-CVE-2020-12801

If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice'...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.01255
Exploits: 0 | References: 4

CVE
added 2020/05/18 2:20 p.m. | 864 views

CVE-2020-12801

CVE-2020-12801 affects LibreOffice 6.3.x prior to 6.3.6 and 6.4.x prior to 6.4.3. If an encrypted document crashes and is recovered, subsequent saves may default to unencrypted even when the document was encrypted, if the recovered file format is not the default ODF format. Public details in conn...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.01255
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2020/05/18 2:20 p.m. | 9 views

CVE-2020-12801 Crash-recovered MSOffice encrypted documents defaulted to not to using encryption on next save

If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice'...

AI score: 7.2 | EPSS: 0.01255
Exploits: 0 | References: 3

OSV
added 2020/05/12 12:0 a.m. | 1 view

UBUNTU-CVE-2020-11932

It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered...

CVSS: 2.3 | AI score: 5.8 | EPSS: 0.00592
Exploits: 3 | References: 2

ThreatPost
added 2020/05/11 3:38 p.m. | 46 views

Sphinx Malware Returns to Riddle U.S. Targets, with Modifications

The Zeus Sphinx banking trojan has seen a recent resurgence in the United States, sporting some modifications and using COVID-19 spam as a lure. Sphinx re-emerged in December but saw a big spike in March via the use of coronavirus themes. Since April, it has been seen attacking U.S. targets with ...

AI score: 0.7
Exploits: 0 | References: 8

Malwarebytes
added 2020/05/06 3:59 p.m. | 47 views

New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app

This blog post was authored by Hossein Jazi, Thomas Reed and Jérôme Segura. We recently identified what we believe is a new variant of the Dacls Remote Access Trojan RAT associated with North Korea's Lazarus group, designed specifically for the Mac operating system. Dacls is a RAT that was...

AI score: 7.2
Exploits: 0

OSV
added 2020/05/06 1:15 p.m. | 6 views

CVE-2020-4092

"If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will communicate in clear text and does not currently have a user interface option to change the setting to request an encrypted communication channel with the Domino server. This can potentially expos...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.0033
Exploits: 0 | References: 1

Positive Technologies
added 2020/05/05 12:0 a.m. | 4 views

PT-2020-13062 · Riverbed · Orchestrator

Name of the Vulnerable Software and Affected Versions: Orchestrator affected versions not specified Description: The issue arises from the lack of validation of the certificate used to identify Orchestrator to EdgeConnect devices. This oversight allows an attacker to establish a TLS connection fr...

CVSS: 6 | AI score: 5 | EPSS: 0.00338
Exploits: 0 | References: 2

BDU FSTEC
added 2020/04/30 12:0 a.m. | 4 views

The vulnerability of Microprogrammed Software in Modicon Controllers arises from the existence of rigidly encrypted user data, which allows an intruder to execute any command against the Modicon Controllers.

The vulnerability of Microprogrammed Software in Modicon Controllers stems from the existence of rigidly encoded configuration data used to transmit configuration files to Modicon Controllers. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on Modicon...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.0115
Exploits: 0 | References: 3

Malwarebytes
added 2020/04/28 5:8 p.m. | 33 views

Threat actors release Troldesh decryption keys

Update: Kaspersky has updated their ShadeDecryptor tool to include decryption for the keys released by "shade team". You can download the tool and find instructions here. A GitHub user claiming to represent the authors of the Troldesh Ransomware calling themselves the “Shade team” published this...

AI score: 7
Exploits: 0

RedHat Linux
added 2020/04/28 3:43 p.m. | 1 view

kernel: some ipv6 protocols not encrypted over ipsec tunnel

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.01229
Exploits: 0 | References: 4

CNVD
added 2020/04/23 12:0 a.m. | 2 views

JetBrains TeamCity Information Disclosure Vulnerability (CNVD-2020-27793)

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A security vulnerability exists in JetBrains...

CVSS: 4.9 | AI score: 7.1 | EPSS: 0.00852
Exploits: 0 | References: 1

BDU FSTEC
added 2020/04/23 12:0 a.m. | 8 views

The vulnerability of the programmable user-programmable gate array (PPVM) for Xilinx Spartan, Artix, Kintex, and Virtex programmable integrated circuits lies in the possibility of intercepting/mocking the file containing the encrypted control bitstream, allowing a hacker to gain full control over the programmable integrated circuits.

The vulnerability of the programmable user-programmable gate array PPVM for Xilinx Spartan, Artix, Kintex, and Virtex programmable logic integrated circuits lies in the ability to intercept or replace the file containing the encrypted control bitstream. Exploiting this vulnerability can allow an...

CVSS: 9 | AI score: 5.5
Exploits: 0 | References: 4 | Affected Software: 4

Tenable Nessus
added 2020/04/22 12:0 a.m. | 41 views

RHEL 7 / 8 : Ansible security update (2.9.7) (Important) (RHSA-2020:1542)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1542 advisory. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over S...

CVSS: 7.9 | AI score: 6.9 | EPSS: 0.00506
Exploits: 3 | References: 22

CNVD
added 2020/04/22 12:0 a.m. | 2 views

HCL Technologies AppScan Enterprise Trust Management Issue Vulnerability

HCL Technologies AppScan is a suite of dynamic analysis testing tools from HCL Technologies, India, which is primarily used for web security testing. A security vulnerability exists in HCL Technologies AppScan Enterprise 9.0.3.14 and earlier versions, which stems from the product's use of...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.01015
Exploits: 0 | References: 1

OSV
added 2020/04/21 7:15 p.m. | 4 views

CVE-2019-4327

"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."...

CVSS: 7.5 | AI score: 7.1
Exploits: 0 | References: 1

NVD
added 2020/04/21 7:15 p.m. | 24 views

CVE-2019-4327

"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.01015
Exploits: 0 | References: 1

Prion
added 2020/04/21 7:15 p.m. | 17 views

Hardcoded credentials

"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."...

CVSS: 5 | AI score: 7.5 | EPSS: 0.01015
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/04/21 6:13 p.m. | 25 views

CVE-2019-4327

"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."...

AI score: 7.5 | EPSS: 0.01015
Exploits: 0 | References: 1